#20214: Ultrasound Cross Device Tracking techniques could be used to launch
deanonymization attacks against some users
 Reporter:  VasiliosMavroudis         |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:  Tor: unspecified
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by cypherpunks):

 1. Why wouldn't this work with audible sound? Audible sound ranges have
 been shown to be able to covertly issue voice commands to nearby mobile
 The core issue is not addressed by filtering out non-audible sound.

 2. If a user is presented with a choice to play the media file or not and
 if they *believe* that they want to play it, they will play it. The prompt
 would only serve as an annoyance that the user would learn to ignore. If
 your attack involves tricking a user to visit a website, tricking a user
 to view or allow the media on the website to play would not be
 significantly more difficult.

 3. The security slider at 'High' already makes video/audio content click-
 to-play, with the current exception of MediaSource video (see: #19200).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20214#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to