Re: Torbutton, CSS3 and window size
----- Original Message -----
> From: Just A. User
> To: or-talk@freehaven.net
> Sent: Fri, December 10, 2010 3:42:19 PM
> Subject: Re: Torbutton, CSS3 and window size
>
> > This places us in an interesting legal situation with
> > Mozilla, because technically such a patch means that we can no longer
> > use the trademark "Firefox" to describe the browser we provide in this
> > case.
> Is it that bad? Are there any fundamental problems with Iceweasel etc? I
> do not think Tor Project has to rely on the Firefox brand awareness to
> distribute Tor Bundle among end users. Maybe, having an independent
> "security-oriented" patched branch of Firefox or Chrome can facilitate
> accepting some of the patches by the upstream.

If the Firefox icon were to be changed, shoulder-surfing or screen-capturing adversaries would be able to easily notice it.

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: Torbutton, CSS3 and window size
Thank you for the explanation.

> The JonDoNym test is only using the Javascript versions of these
> attacks, and therefore the JonDoFox profile they provide is given a
> green "pass" against them, even though a dedicated adversary could
> extract the same information with CSS3 alone. When I run Torbutton
> with Javascript disabled, I get very similar results to the JonDoFox
> profile on their test (are you sure you had javascript fully
> disabled?)

I am absolutely sure I have js disabled to the extent allowed by javascript.enabled = false. Furthermore, I tried to filter scripts out with Privoxy (also disabling ssl, of course) and obtained the same results... Anyway, in this thread, Karsten N. has confirmed that the *current* version of JonDoNym tests does not require any js.

> This places us in an interesting legal situation with
> Mozilla, because technically such a patch means that we can no longer
> use the trademark "Firefox" to describe the browser we provide in this
> case.

Is it that bad? Are there any fundamental problems with Iceweasel etc? I do not think Tor Project has to rely on the Firefox brand awareness to distribute Tor Bundle among end users. Maybe, having an independent "security-oriented" patched branch of Firefox or Chrome can facilitate accepting some of the patches by the upstream.

And what about extensions.torbutton.resize_windows? It is not a bug or my side misconfiguration issue that I have no such option for the current TB, is it?
Re: Torbutton, CSS3 and window size
On 10.12.2010 04:29, Mike Perry wrote:
> The JonDoNym test is only using the Javascript versions of these
> attacks, and therefore the JonDoFox profile they provide is given a
> green "pass" against them

The JonDonym test uses CSS3 to detect the browser window inner size. The test works without Javascript. JonDoFox is not green for this test either.

JonDos does not have a solution for this attack but the anonymity test shows the problem.

Greetings
Karsten N.
Re: Torbutton, CSS3 and window size
Thus spake Just A. User (just_a_u...@justemail.net):

> http://what-is-my-ip-address.anonymous-proxy-servers.net
> are able to discover the browser's window inner dimensions
> accurately.
>
> The font downloading attack (@font-face based) from that test is
> also successful.

The short answer here is that new CSS3-based fingerprinting attacks are currently not possible to fully defend against through extension-land, and that while we do take them seriously, we don't have a lot of options to truly protect against them in the short term.

JonDoNym is performing a bit of sleight of hand on its users wrt these attacks. It only "protects" against these attacks by requiring that Javascript be disabled, but this is not a full defense.

The CSS3 "Media Queries" allow you to select entire stylesheets to be loaded on the basis of screen resolution and display information:
https://developer.mozilla.org/En/CSS/Media_queries

Thus, media queries are quite capable of inducing element loads based on screen resolution and font information, which can be used to ping a server with information about your resolution without the need for Javascript. The mechanisms for this are similar to the CSS-only history attack that does not require Javascript and works on Firefox 2.x and 3.x:
http://ha.ckers.org/weird/CSS-history-hack.html

The JonDoNym test is only using the Javascript versions of these attacks, and therefore the JonDoFox profile they provide is given a green "pass" against them, even though a dedicated adversary could extract the same information with CSS3 alone. When I run Torbutton with Javascript disabled, I get very similar results to the JonDoFox profile on their test (are you sure you had javascript fully disabled?)

But again, the reality is this is not the whole story. We are currently actively trying to get people at the W3C and inside Google and Mozilla to address these issues, because short of us patching the browsers directly, there is not much we can do here.
We may end up patching our Tor Browser Bundle builds if it doesn't appear that any of these groups are taking these new fingerprinting vectors seriously. This places us in an interesting legal situation with Mozilla, because technically such a patch means that we can no longer use the trademark "Firefox" to describe the browser we provide in this case.

Our goal for the W3C is to get them to define a common subset of rendering behaviors that all browsers can adhere to while in "private browsing mode". I believe the timeline for adoption of this standard would be measured in multiple years, though.

Our goal with the browsers is to convince them to provide us with some kind of API to interact with CSS and the rendering system. For Chrome, their release cycle is faster and this process would be measured in months (if we had all the other APIs we needed, see https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting). But for Firefox, their release cycle is slower, and this time period is probably still measured in years.

So to sum it up, lots of rocks, and lots of hard places :/

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
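Added example (not part of the original thread, and not Torbutton or JonDonym code): a small Python audit that flags the pattern described in the message above, a resource fetch that only fires when a geometry media query matches. The sample stylesheet and the tracker.example host are constructed, and the parser is a simplification that ignores braces inside strings and `media` attributes on `<link>` elements.

```python
import re

# Media features that expose window or display geometry.
GEOMETRY = re.compile(
    r"\(\s*((?:min-|max-)?(?:device-)?(?:width|height|aspect-ratio)"
    r"|orientation|(?:min-|max-)?resolution)\s*(?::\s*([^)]+?))?\s*\)", re.I)
URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)['\"]?\s*\)", re.I)
IMPORT = re.compile(
    r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)['\"]?\s*\)?\s*([^;]*);", re.I)
MEDIA = re.compile(r"@media\b([^{]*)\{", re.I)

# Constructed sample stylesheet (comment below is stripped before scanning).
SAMPLE_CSS = """
/* constructed sample, not taken from any real test page */
@import url("wide.css") screen and (min-width: 1200px);
body { background: url(/static/bg.png); }
@media (min-width: 1000px) and (max-width: 1049px) {
  #probe { background-image: url("https://tracker.example/w?bucket=1000"); }
}
@media print { a { color: black; } }
@font-face { font-family: X; src: url(/fonts/x.woff); }
"""


def _block_end(css, start):
    """Index just past the '}' that closes the block whose body starts at start."""
    depth, i = 1, start
    while i < len(css) and depth:
        depth += {"{": 1, "}": -1}.get(css[i], 0)
        i += 1
    return i


def find_geometry_beacons(css):
    """Return (feature, value, url) for every fetch gated on window geometry."""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)  # drop CSS comments
    findings = []
    for m in IMPORT.finditer(css):  # whole stylesheets chosen by a media query
        for feat, val in GEOMETRY.findall(m.group(2)):
            findings.append((feat.lower(), val.strip(), m.group(1)))
    for m in MEDIA.finditer(css):   # url() loads inside an @media block
        body = css[m.end():_block_end(css, m.end())]
        for feat, val in GEOMETRY.findall(m.group(1)):
            findings.extend((feat.lower(), val.strip(), u) for u in URL.findall(body))
    return findings


if __name__ == "__main__":
    for feature, value, url in find_geometry_beacons(SAMPLE_CSS):
        print(f"{feature}={value or '*'} gates fetch of {url}")
```

Unconditional loads (the `body` background and the `@font-face` source in the sample) are deliberately not reported, since only the geometry-gated fetches tell the server which size bucket the window falls into.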
Torbutton, CSS3 and window size
I use a recent (3.6) FF with the stable Torbutton. javascript.enabled is set to false. I have encountered the following issue.

In my prefs.js, I have no extensions.torbutton.resize_windows option described in the Torbutton Design Document. That's strange. Moreover, it seems the resizing functionality does not work as I expected:

Probably employing some CSS techniques, the tests at
http://what-is-my-ip-address.anonymous-proxy-servers.net
are able to discover the browser's window inner dimensions accurately.

The font downloading attack (@font-face based) from that test is also successful.

Is the behavior described normal or expectable? If it is, are there any plans to toughen TB against those attacks? Please explain this weird stuff to me.

Thanks in advance.