[tor-bugs] #14098 [Tor Browser]: TBB still fingerprintable by	screen size
    Tor Bug Tracker & Wiki 
    blackhole at torproject.org
       
    Tue Jan 27 21:07:36 UTC 2015
    
    
  
#14098: TBB still fingerprintable by screen size
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-fingerprinting
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------
Comment (by randybytes):
 Replying to [comment:11 gk]:
 > Replying to [comment:9 randybytes]:
 > > Replying to [comment:6 mcs]:
 > > >
 > > > Access to properties within window.screen has been patched as well.
 Are you seeing a case where window.screen leaks the actual display
 dimensions or other info?
 > >
 > > > Are you seeing a case where window.screen leaks the actual display
 dimensions or other info?
 > >
 > > Yes, on the Tor Browser bundle 4.03 with windows 8.1 leaks the actual
 display dimensions:
 > >
 > > On https://panopticlick.eff.org it leaks:
 > >
 > > Screen Size and Color Depth: 1366x633x24
 > >
 > > which only 1 in 82820.68 browsers have this value.
 > >
 > > from the javascript console window.screen shows:
 > >
 > > Screen { availWidth: 1366, availHeight: 383, width: 1366, height: 383,
 colorDepth: 24, ...
 > >
 > > Thanks for replying, is their any diagnostic information that could
 help?
 >
 > Are you resizing/maximizing your browser window? If so, then this is the
 cause of the unusual screen size. Our defense is not working with
 resized/maximized windows yet.
 When I start the browser in windowed mode, without any resizing or
 maximization I get:
 Screen Size and Color Depth:
 one in x browsers have this value: 621890.75
 value: 1004x535x24
 So even with no alterations to the window, I am not getting any protection
 on my platform.  1 in 62K could identify my computer.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14098#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
    
    
More information about the tor-bugs
mailing list