Advanced Tor Browser Fingerprinting (2016)

I have created a quick and dirty PoC called UberCookie available as a demo here:

One interesting fingerprinting countermeasure implemented in Tor Browser is that JavaScript's Date.getTime() (Unix time) is only updated every 100 ms.

Example of getClientRects on the same page with the same Tor Browser version on different computers:

As you can see, there is a lot of difference in the results of getClientRects between two computers using the same Tor Browser on the same page and on the same DOM element.

An example of running the UberCookie PoC on one computer (computer 1):

And the result of running it on a different computer (computer 2), with the same Tor Browser version:

It is evident that the getClientRects results are completely different, providing an interesting fingerprinting vector.
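
The 100 ms clock granularity mentioned above can be checked from a series of recorded clock readings. This is an added example, not code from the original post or from Tor Browser: `clampTime` and `auditClock` are hypothetical names, rounding down to the grid is an assumed model of the countermeasure, and the readings are constructed sample data.

```javascript
// Added example: audit clock readings for the 100 ms granularity the post describes.
// Function names are hypothetical; the sample readings below are constructed.
const GRANULARITY_MS = 100; // value stated in the post

// Assumed model of the countermeasure: round a timestamp down to the grid.
function clampTime(ms, granularity = GRANULARITY_MS) {
  return Math.floor(ms / granularity) * granularity;
}

// Inspect readings as a page script would see them and report what they expose.
function auditClock(readings, granularity = GRANULARITY_MS) {
  // Any reading that is not a multiple of the granularity exposes finer time.
  const offGrid = readings.filter((t) => t % granularity !== 0);

  // Smallest non-zero step between consecutive readings is the finest
  // interval a script could observe directly from this clock.
  let smallestStep = Infinity;
  for (let i = 1; i < readings.length; i++) {
    const step = readings[i] - readings[i - 1];
    if (step > 0 && step < smallestStep) smallestStep = step;
  }

  return {
    offGrid,
    smallestStep,
    distinctValues: new Set(readings).size,
    compliant: offGrid.length === 0 && smallestStep >= granularity,
  };
}

// Constructed sample: a script polls the clock at irregular intervals for ~0.4 s.
const rawReadings = [
  1460000000003, 1460000000017, 1460000000058, 1460000000112,
  1460000000149, 1460000000251, 1460000000298, 1460000000377,
];
// The same instants as seen through the clamped clock.
const clampedReadings = rawReadings.map((t) => clampTime(t));

const rawReport = auditClock(rawReadings);
const clampedReport = auditClock(clampedReadings);

console.log("raw clock:    ", rawReport);
console.log("clamped clock:", clampedReport);
```

Fed with readings captured from a real browser build, the same audit flags any timestamp that falls off the 100 ms grid.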

Source: jcarlosnorte.com