Yet Another Way You Can Be Fingerprinted While Using Tor

Notice: This doesn’t mean that Tor is broken.

Security Enthusiast Jose Carlos Norte recently made a blog post detailing how Tor Browser users can be uniquely fingerprinted using the mouse wheel, mouse speed, a CPU benchmark, and “getClientRects”.

A POC (proof-of-concept) is available to try out which utilizes the methods he goes over.

Right off the bat, Norte explains that these methods rely on javascript.

“All the provided fingerprinting methods are based on javascript (enabled by default in tor browser as of today).”

Norte quickly noticed that the Tor Browser implemented a counter measure against fingerprinting methods that relied on time accuracy – which is something that he needed. He noted that “there are a lot of ways to measure times smaller than 100ms using javascript in tor browser, some are obvious, or ther [sic] are intersting [sic]”, and so, he was able to get around this countermeasure with ease.

With that out of the way, Norte moved on to fingerprinting the mouse wheel where he states that “the mouse wheel event in Tor Browser (and most browsers) leaks information of the underlying hardware used to scroll the webpage.” He contrasted what’s leaked when you use a regular mouse or a trackpad:

“The event

Read more ... source: TheBitcoinNews