[throwaway89201]

The author of this blog strongly comes across as a person who understands a good deal about finding vulnerabilities, but doesn't really understand the tradeoffs being made in maintaining usable anonymity software such as the Tor browser.

The reported scroll bar width vulnerability is his strongest case. He rightly got a bounty for it. But it's relatively hard to fix, and until recently, the Tor browser also just leaked your window size via Javascript. But they're getting there, slowly.

However, the story about public bridge certificates is pretty unjustified. The response he got from the Tor Project is completely clear, and his proposed solution in trying to impersonate traditional PKI simply won't work against even mediocre attackers. Furthermore, bridge enumeration as a systemic attack might be a problem against censorship systems, but can't rightly be called a '0day'. Private bridges (https://bridges.torproject.org) also solve a lot of the problem.

In the linked ticket, you clearly see that they are trying pretty hard to find a sponsor willing to fund the solution.

[Scoundreller]

> and until recently, the Tor browser also just leaked your window size via Javascript.

Though this was why Tor would always open in the same window size. But ya, that all fell apart if you maximized.

When did they fix “the leak” itself? Wouldn’t that require intercepting the JavaScript call in the same way that the scroll bar size issue could be fixed?

[JohnTHaller]

I believe they implemented panels inside the browser window that force the window size to be different reported values.

[Forbo]

It's called "letterboxing", and rounds the window size to the nearest 200x100 px when maximized, I think. So while it does make you slightly less unique than just maximizing normally would, that anonymity set is still potentially smaller than the set that can fit everyone, namely the 1000x1000 default. There are methods of detecting screen resolution using CSS that don't require JavaScript, so blocking JavaScript doesn't necessarily protect you from this fingerprinting method.

[Scoundreller]

Fascinating to realize that CSS can do that. I guess it does it by “calling” x.png 1024 times and y.png 768 times? Or running some loop to call 1024x.png and 768y.png...

[bowmessage]

No loop necessary, maybe just a set of @media rules with e.g. custom .png resources: https://developer.mozilla.org/en-US/docs/Web/CSS/@media

[wcerfgba]

Could you expand on "his proposed solution in trying to impersonate traditional PKI simply won't work against even mediocre attackers" ? How would you defeat his proposed solution?

[throwaway89201]

As the Tor Project itself already notes in its reply, it's not feasible "to try to imitate normal SSL certs because that's a fight we can't win (they will always look differently or have distinguishers, as has been the case in the pluggable transports arms race)."

Even if the certificate is valid, there are lots of other distinguishing factors. You can go as far as timing attacks. As the answer alludes to, they have an entire project around obfuscated transports primarily for clients and private bridges. [1]

But there's no need for obfuscation here as the ORPort can 'simply' be closed, if it wasn't such a hassle to actually implement.

[1] https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt