[tor-bugs] #9451 [Tor bundles/installation]: de-anonymisation by readable @font-face CSS attribute - TBB settings update (was: de-anonymisation by readable @font-face CSS attribute)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 7 16:38:37 UTC 2013
#9451: de-anonymisation by readable @font-face CSS attribute - TBB settings update
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: erinn
Type: defect | Status: reopened
Priority: normal | Milestone: Tor: unspecified
Component: Tor | Version:
bundles/installation | Keywords: de-anonymization, TBB,
Resolution: | font settings
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Changes (by cypherpunks):
* status: closed => reopened
* cc: team@… (added)
* priority: critical => normal
* milestone: => Tor: unspecified
* keywords: => de-anonymization, TBB, font settings
* resolution: not a bug =>
Comment:
In the latest build of the Tor Browser Bundle (3.0alpha1 as of November
7th), it's unclear why Firefox is left configured to allow pages to choose
their own fonts by default. In addition to undermining anonymity, allowing
pages to ascertain font availability could be used to determine a user's
likely operating system for browser exploit targeting.
The setting can be found via the TBB
Preferences-->Content-->Advanced-->"Allow pages to choose their own
fonts.." checkbox.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9451#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list