[tor-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 16 23:37:38 UTC 2019
#26607: verify that subpixel accuracy of window scroll properties does not add
fingerprinting risk
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: tbb-
| team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting, ff60-esr, | Actual Points:
TorBrowserTeam201904 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by Thorin):
Replying to [comment:18 acat]:
> This is leaking the actual `window.devicePixelRatio` (always set to 1
with resistfingerprinting)
Nice PoC! Added `window.devicePixelRatio` (DRP) output to my test to make
things easy, and some tests
my Android: RFP=true
[1] subpixel: `.5`, dpr: `1`
[2] window=`1` guessed=`2`
my Android: RFP=false (I restarted the device)
[1] subpixel: `.5`, dpr: `2`
[2] window=`2` guessed=`2`
So you're extrapolating the DPR based on scroll because scroll (among
others) uses DPR in it's calculations, and DPR spoofing doesn't allow for
that?
Original DPR spoof upstream ticket from Arthur:
https://bugzilla.mozilla.org/show_bug.cgi?id=418986#c50
[1] https://thorin-oakenpants.github.io/testing/
[2] https://acatarineu.github.io/fp/devicePixelRatio.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26607#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list