GitLab

Hi, I discovered (at least, I have not read about those methods anywhere) two new ways to fingerprint browser a little more.

First, a user can define a user stylesheet where in can set default or overriding (with !important declaration) properties. This stylesheet can be userContent.css file in profile directory, but it can also be other pages set by extensions. This is often use for accessibility reasons (for example: set all pages white and black for people with some vision problems).

A few other properties can be set with preferences dialog: default color text, default anchor color. This properties can also be read by webpage.

I'm not sure what torbutton can do to mitigate this. May be register a stylesheet to reset all css properties to browser defaults.

Another thing a webpage can do is get the zoom value. This has not a big entropy, but is yet another metric.

See testcase here:

!http://renevier.net/misc/fingerprint.html

Trac:
Username: arno