Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #21559

Closed (moved)
Open
Opened Feb 26, 2017 by cypherpunks@cypherpunks

Tor browser deanonymization/fingerprinting via cached intermediate CAs

Hi,

I get different results testing https://fiprinca.0x90.eu/poc/ in a fresh Tor browser than in the Tor browser I've been using to browse the web for a bit. (Both are running as Qubes disposable VMs so I haven't tested persistence).

Expected behaviour: my Tor browser (version "6.5, based on Mozilla Firefox 45.7.0") should not leak information about what sites I've visited.

Actual behaviour: I see four cached CAs in the "warmed" browser, leaking information about what sites I've visited.

Version: 6.5

https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ has a writeup by the author.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#21559