[tbb-bugs] #30392 [Applications/Tor Browser]: CSS features allow real-time tracking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 11 16:44:42 UTC 2019
#30392: CSS features allow real-time tracking
--------------------------------------+-----------------------------------
Reporter: davywtf | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by davywtf):
Tracking in the sense that it can be used to fingerprint users based on
behavior that's hard for the user to hide. And the user may be completely
unaware that it's happening since they typically don't assume metrics are
being collected on static pages with NoScript.
To give you some ideas:
- Based on motion you can determine mouse vs touchpad vs keyboard
navigation
- If research into gait analysis translates you should be able to predict
biometrics (arm dimensions) from mouse movement
- Reveals screen visibility (scroll location, window dimensions, etc)
So it's not a major threat in the sense that it's directly identifying a
user or their machine (unless those metrics are already known) but it's a
potential fingerprinting data point that could be mitigated entirely by
preloading content linked from CSS. And the future of online tracking and
privacy violation will almost certainly involve basic machine learning
approaches applied to seemingly innocuous user input like this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30392#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list