"Also it is worth mentioning that disabling Javascript does not protect against this type of fingerprinting, as it is available to CSS too: https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries";
It could be available to css, but without javascript, it can't be sended ! 2013/9/13 Mike Perry <[email protected]> > harmony: > > Mike Perry: > > > > > > So this means that if you resize your browser, you also get a > > > totally different display fingerprint. However, if you resize it to > > > something weird, and continue to use that weird size for a while, > > > all of that activity is highly linkable to advertisers until you > > > resize again. > > > > > > > Equally, 'if you maximize your browser (or your browser maximizes > > itself automatically, as Tor Browser does when I click 'New Identity), > > and your screen is some weird size, all of your activity is highly > > linkable to advertisers until you get a new screen'? > > Your Tor Browser should *not* be maximizing itself during New Identity. > It should be setting its content window to a 200x100 multiple. > > I've never seen one maximize for that step. Does that always happen for > you? Sounds like a bug caused by something about your setup. Does it > happen with a fresh bundle in a new directory? Do you mind sharing your > monitor resolution? > > > Also, 'if you want to do something unlinkable, pick a weird screen > > size and then change it after you finish doing it?' > > Maybe. It depends on if you resizing the window is actually as "random" > as you think it is. If you keep doing that, and you're one of the few > people who does, you might stand out over time? On the other hand, it > seems like a tricky algorithm for an advertiser-class adversary to > write, and for little economic gain since it is rare behavior. > > However, if your adversary includes people with access to raw > advertising logs, that may be a different matter. My guess is > capital-t-They wouldn't bother with that vector though. Too expensive > for too little information. > > So on balance, I think it's probably a decent thing to do for that odd > website account you don't want linked to anything else? > > > I get that this is difficult to avoid. Just trying to clarify. > > Yep. > > -- > Mike Perry > > -- > tor-talk mailing list - [email protected] > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
