[tor-talk] WebGL forbidden in NoScript but Flash is not?
lucia at rankexploits.com
lucia at rankexploits.com
Wed May 8 20:01:08 UTC 2013
> Date: Wed, 8 May 2013 08:57:48 +0200
> From: Lunar <lunar at torproject.org>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?
> Message-ID: <20130508065748.GA975 at loar>
> Content-Type: text/plain; charset="us-ascii"
>
> Joe Btfsplk:
>> OK, thanks for detailed reply. Now that the "adversary" has a
>> fingerprint of my machine (therein lies the problem - the data being
>> given out), unless they're the gubment & I'm a bad guy (or living in
>> a represses society), what are they going to do w/ that info?
>
> This means that the anonymity is broken. Your browser can be uniquely
> identified among the others. In a repeated manner, across Tor circuits,
> Tor Browser sessions and system reboots.
>
> --
> Lunar
Here's a likely example of what Lunar is talking about. If you visit this
link you will be presented a survey form.
http://survey.gci.uq.edu.au/survey.php?c=1R9YT8YMZTWF
The javascript for that page creates a string listing:
1) every plugin for your browser
2) fonts that match his list of fonts.
3) The screen height of your system
4) the screen width of your system.
5) the timezone offset.
6) a timestamp:randomnumber string.
These strings added to hidden input fields and submitted to the browser
when someone agrees to participate.
The person doing the survey is likely collecting browser fingerprints to
identify duplicate entries by people using proxies. That person
conducting the research is simultaneously the researcher and a blogger who
has been known to express quite a bit of hostility toward category of
human subjects he has invited to participate in his survey.
Obviously, fingerprints when collected are used for whatever purpose the
person collecting them wishes to use them form.
More information about the tor-talk
mailing list