[tor-bugs] #30543 [Applications/Tor Browser]: device orientation leaks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 21 02:00:58 UTC 2019
#30543: device orientation leaks
--------------------------------+------------------------------------------
Reporter: Thorin | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------+------------------------------------------
RFP spoofs landscape on devices
However css @media orientation and also matchMedia leak - see upcoming
attached pic where RFP=on, the phone is in reality in portrait mode.
Orientation = landscape (spoofed), but the others say otherwise
**mdn** (this is what gets spoofed)
https://developer.mozilla.org/en-
US/docs/Web/API/Screen/orientation#Example
{{{
var orientation = screen.msOrientation || (screen.orientation ||
screen.mozOrientation
}}}
**css** (leaks)
{{{
@media (orientation:portrait){#YourID:after{content:"portrait";}}
@media (orientation:landscape){#YourID:after{content:"landscape";}}
}}}
**matchMedia** (leaks)
{{{
if (window.matchMedia("(orientation: portrait)").matches) return
"portrait";
if (window.matchMedia("(orientation: landscape)").matches) return
"landscape";
}}}
[1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30543>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list