[tor-bugs] #29745 [Applications/Tor Browser]: Exposed chrome:// resources allow browser version and OS detection [Bug 1534581]
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 11 13:42:07 UTC 2019
#29745: Exposed chrome:// resources allow browser version and OS detection [Bug
1534581]
--------------------------------------+--------------------------
Reporter: flngerprlnt | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by Thorin):
Not sure if it's worthwhile opening a new ticket: but the default
proportional font (serif or sans-serif) is (semi-)detectable and it seems
as if `zh-TW` is the only one to return `sans-serif`
Is this something that was missed: For example: the default proportional
font in `ja` and `he` is sans-serif, but the PoC returns `serif`
{{{
window.getComputedStyle(document.body,null).getPropertyValue("font-
family")
}}}
[1] PoC:
https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#fonts
On the plus side: all 30 packs return sizes `16` (proportional) and `13`
(monospace) regardless of the settings in Language & Appearance > Advanced
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29745#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list