[tor-dev] TBB Memory Allocator choice fingerprint implications

Patrick Schleizer patrick-mailinglists at whonix.org
Mon Aug 19 16:11:00 UTC 2019


Btw Hardened Malloc does not require recompilation of TBB.

Compilation of Hardened Malloc is easy.

https://github.com/GrapheneOS/hardened_malloc

It then can be used with TBB or any application using LD_PRELOAD
environment variable.

LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program

Just now created:
consider using Hardened Malloc for better security in TBB
https://trac.torproject.org/projects/tor/ticket/31440

Tom Ritter:
> On Sat, 17 Aug 2019 at 15:06, procmem at riseup.net <procmem at riseup.net> wrote:
>> Question for the Tor Browser experts. Do you know if it is possible to
>> remotely fingerprint the browser based on the memory allocator it is
>> using? (via JS or content rendering)
> 
> Fingerprint what aspect of the browser/machine?


Browser web fingerprinting. The fingerprint that remote websites can see.

Can web servers guess that a different memory allocator (Hardened
Malloc) is being used due to difference in performance or other glitches?

Cheers,
Patrick


More information about the tor-dev mailing list