[tor-bugs] #13875 [Tor Browser]: Tor Browser DPI spoofing is broken if the user changes zoom level

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 1 20:15:48 UTC 2014


#13875: Tor Browser DPI spoofing is broken if the user changes zoom level
--------------------------------+--------------------------
 Reporter:  isis                |          Owner:  tbb-team
     Type:  defect              |         Status:  new
 Priority:  normal              |      Milestone:
Component:  Tor Browser         |        Version:
 Keywords:  tbb-fingerprinting  |  Actual Points:
Parent ID:                      |         Points:
--------------------------------+--------------------------
 I suspected that the test for DPI at browserspy.dk was not functioning
 properly, so [https://twitter.com/isislovecruft/status/538920057972461569
 I kind of dared people on Twitter to come up with a PoC] for using
 relative element sizing to infer true DPI, beating Tor Browser's DPI-
 spoofing. [https://twitter.com/0xPoly/status/539475293141233664 0xPoly
 reported] that the true DPI size can be inferred via such a mechanism, and
 provided the following [http://jsfiddle.net/4w8cuvet/ example PoC]:

 page.html:
 {{{
 <div id='testdiv' style='height: 1in; left: -100%; position: absolute;
 top: -100%; width: 1in;'></div>
 }}}

 page.js:
 {{{
 var devicePixelRatio = window.devicePixelRatio || 1;
 dpi_x = document.getElementById('testdiv').offsetWidth * devicePixelRatio;
 dpi_y = document.getElementById('testdiv').offsetHeight *
 devicePixelRatio;

 alert(dpi_x);
 }}}

 In Tor Browser, even on high-density displays,
 [https://twitter.com/petertoddbtc/status/539505134980849664 the DPI is
 correctly spoofed] to 96x96, and the above code does `alert('96')`.
 However, if the user changes the zoom level, i.e. via Ctrl-+ or Ctrl--,
 then the above JavaScript will detect a non-96x96 DPI. When I tested (on a
 machine with a 96x96 DPI display), zooming once led to
 `alert('115.20000457763672')`; however, that `'115.20000457763672'` stayed
 the same if I scaled the browser window size differently and reloaded the
 page (keeping the zoom at the same level).
 [https://twitter.com/petertoddbtc/status/539505134980849664 Peter Todd
 reported] that detecting the zoom level also works on a high-density
 display.

 This may particularly be a problem on huge displays, or any other displays
 probably viewed from a greater-than-arms-length distance, where the users
 are constantly zooming in.

 Possibly related: #7256

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13875>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
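
The following is an added example, not part of the ticket or of Tor Browser's code: a DOM-free model of the probe arithmetic from page.js, usable as a regression check that a reading stays at the spoofed 96. The function names are hypothetical, and treating `devicePixelRatio` as a single-precision float is an inference from the reported value (96 × 1.2 rounded to float32 gives exactly `115.20000457763672`), not something the ticket states.

```javascript
// CSS defines 1in as 96 CSS pixels, so the 1in test div in page.html
// has offsetWidth 96 regardless of zoom (assumption of this model).
const CSS_PX_PER_INCH = 96;

// Same arithmetic as the ticket's page.js: offsetWidth * devicePixelRatio.
function probeDpi(offsetWidthCssPx, devicePixelRatio) {
  return offsetWidthCssPx * (devicePixelRatio || 1);
}

// Regression check: the spoof holds only if the probe reads exactly the
// spoofed DPI. Otherwise report the scale factor the reading exposes.
function checkReading(reading, spoofedDpi = CSS_PX_PER_INCH) {
  return {
    spoofHolds: reading === spoofedDpi,
    leakedScale: reading / spoofedDpi,
  };
}

// Constructed scenarios: each scale stands for the devicePixelRatio a page
// would see (zoom factor times any true display scale that is not masked).
function runScenarios(scales) {
  return scales.map((scale) => {
    // Math.fround models devicePixelRatio as a float32 (inferred, see above).
    const reading = probeDpi(CSS_PX_PER_INCH, Math.fround(scale));
    return { scale, reading, ...checkReading(reading) };
  });
}

// 1 = no zoom (spoof intact); 1.2 reproduces the value quoted in the ticket.
console.log(runScenarios([1, 1.2, 2]));
```

A fix is effective when every scenario a test harness drives (each zoom level, each display density) yields `spoofHolds: true`.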

