Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by cypherpunks@cypherpunks

Tor browser deanonymization/fingerprinting via cached intermediate CAs

Hi,

I get different results testing https://fiprinca.0x90.eu/poc/ in a fresh Tor browser than in the Tor browser I've been using to browse the web for a bit. (Both are running as Qubes disposable VMs so I haven't tested persistence).

Expected behaviour: my Tor browser (version "6.5, based on Mozilla Firefox 45.7.0") should not leak information about what sites I've visited.

Actual behaviour: I see four cached CAs in the "warmed" browser, leaking information about what sites I've visited.

Version: 6.5

https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ has a writeup by the author.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information