|
|
|
|
|
|
by gburt
3750 days ago
|
|
|
>The most intersting fingerprinting vector I found on Tor Browser is getClientRects. Is strange that reading back from a canvas has been prevented but simply asking the browser javascript API how a specific DOM elements has been drawn on the screen has not been prevented or protected in any way. This isn't as strange as he makes it sound, it is done to prevent the link color history attack [1]. Most of the other CSS properties aren't allowed on :active or :visited modifiers. [1] http://dbaron.org/mozilla/visited-privacy |
|
|