  • #21559

Closed (moved)
Created Feb 26, 2017 by cypherpunks@cypherpunks

Tor browser deanonymization/fingerprinting via cached intermediate CAs

Hi,

I get different results testing https://fiprinca.0x90.eu/poc/ in a fresh Tor browser than in the Tor browser I've been using to browse the web for a bit. (Both are running as Qubes disposable VMs, so I haven't tested persistence.)

Expected behaviour: my Tor browser (version "6.5, based on Mozilla Firefox 45.7.0") should not leak information about what sites I've visited.

Actual behaviour: I see four cached CAs in the "warmed" browser, leaking information about what sites I've visited.

Version: 6.5

https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ has a writeup by the author.
