if javascript is allowed, according to http://www.whatismyscreenresolution.com/ and https://panopticlick.eff.org/ the size of the TBB window is reported back. if the size of the window is changed, the new size is reported to the test sites, making the browser fingerprint more unique. if i maximize the TBB window, i receive a warning about tracking, but again the size reported back to the test sites isn't the screen's resolution but still the window size. seems to me this value should be spoofed to some common value like 1024x768 no matter what size the TBB window is
scar:
if javascript is allowed, according to http://www.whatismyscreenresolution.com/ and https://panopticlick.eff.org/ the size of the TBB window is reported back. if the size of the window is changed, the new size is reported to the test sites, making the browser fingerprint more unique. if i maximize the TBB window, i receive a warning about tracking, but again the size reported back to the test sites isn't the screen's resolution but still the window size. seems to me this value should be spoofed to some common value like 1024x768 no matter what size the TBB window is
Spoofing the window consistently is probably not possible as there are numerous ways to find out the dimensions of your actual window size. Thus, making sure you get a properly rounded window size seems to be the easier route to mitigate fingerprinting.
Georg
_______________________________________________
tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
Georg Koppen wrote on 09/22/2016 12:03 PM:
Spoofing the window consistently is probably not possible as there are numerous ways to find out the dimensions of your actual window size. Thus, making sure you get a properly rounded window size seems to be the easier route to mitigate fingerprinting.
where and how is this controlled though? in a default firefox window, the test site reports back my actual screen resolution, no matter what size the window is. it seems TBB is doing some spoofing somewhere but it is always returning the size of the window. 1000x500 is not a screen resolution used anywhere, so if TBB starts with a window size of 1000x500 we can almost be certain that it is a Tor Browser and not blending in with other clients
scar:
Georg Koppen wrote on 09/22/2016 12:03 PM:
Spoofing the window consistently is probably not possible as there are numerous ways to find out the dimensions of your actual window size. Thus, making sure you get a properly rounded window size seems to be the easier route to mitigate fingerprinting.
where and how is this controlled though? in a default firefox window, the test site reports back my actual screen resolution, no matter what size the window is. it seems TBB is doing some spoofing somewhere but it is always returning the size of the window. 1000x500 is not a screen resolution used anywhere, so if TBB starts with a window size of 1000x500 we can almost be certain that it is a Tor Browser and not blending in with other clients
Tor Browser is doing no spoofing. It is resizing your actual window to multiples of 200 and 100 on start-up and New Identity.
Georg
_______________________________________________
tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
Georg Koppen wrote on 09/23/2016 01:43 AM:
Tor Browser is doing no spoofing.
why, then, is it: with a standard firefox installation, http://www.whatismyscreenresolution.com reports back the screen resolution irregardless of the windows size, but TBB (with javascript enabled) reports back the window size in all instances?
can anyone test and verify?
Hi scar,
On Sat, Sep 24, 2016 at 2:46 PM, scar scar@drigon.com wrote:
Georg Koppen wrote on 09/23/2016 01:43 AM:
Tor Browser is doing no spoofing.
why, then, is it: with a standard firefox installation, http://www.whatismyscreenresolution.com reports back the screen resolution irregardless of the windows size, but TBB (with javascript enabled) reports back the window size in all instances?
I believe Georg was referring to the fact that Tor Browser does not spoof window size. It does, however, return a screen size the same as the window size, as you have observed. That protects your screen size from being directly observed when your window is not maximized.
In general, Tor Browser is not trying to blend in with other browsers. Instead, the goal is to make different users of Tor Browser as indistinguishable as possible.
Best regards, Arthur
-
Arthur D. Edelstein -
Georg Koppen -
scar