[tor-talk] Browserprint fingerprinting website
Not Friendly
notfriendly at riseup.net
Mon Jun 6 14:27:54 UTC 2016
On 2016-06-06 08:41, Nurmi, Juha wrote:
> Hi,
>
> On Mon, Jun 6, 2016 at 2:47 PM, <cube at browserprint.info> wrote:
>
>> Hello, I'm the creator of a new fingerprinting website,
>> https://browserprint.info
>> Think Panopticlick but with a lot more tests.
>> Many of the tests are even designed specifically to catch the Tor
>> browser
>> bundle out, for instance the Math/Tan function returns a different
>> value
>> based on what your underlying operating system is, so it's easy to
>> detect
>> when a browser is lying in their user-agent string.
>>
>
> This is clever! I didn't know about this. I see that 64bit Linux
> machine it
> produces the value -1.4214488238747245 and on windows
> -4.987183803371025.
>
> TorBrowser should not let you to detect the operation system.
>
>
>> I would greatly appreciate if you visit the site and fingerprint
>> yourselves since it will help me refine the techniques and improve the
>> site.
>>
>
> We will visit your site. Interesting work.
>
>
>> I'm adding more tests every week and if you have any ideas or
>> suggestions
>> I'd love to hear them.
>
>
> Thanks!
>
> Best,
> Juha
This is very interesting. It's worth looking into whether Tor Browser
should disable these types of behaviors (since it could identify the
user's OS). It'll take time but I think updates to stop the
fingerprinting techniques in the mentioned website are possible.
More information about the tor-talk
mailing list