#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: | arthuredelstein Type: task | Status: | assigned Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Critical | Resolution: Keywords: tbb-fingerprinting-os, | Actual Points: TorBrowserTeam201609 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by Octopus): Hello! Developer of Fingerprint Central here! The website is still in [https://fpcentral.irisa.fr/ beta] but thanks to several visitors, it seems that we can already have an early insight on some AudioContext attributes from the 40 TBB fingerprints that were collected. I added the tests found from the [https://audiofingerprint.openwpm.com/ OpenWPM Study] and you can see some results below that I found the most relevant. ||N°||Count||Percentage||User-Agent||pxi buffer hash||ac-sampleRate||ac- maxChannelCount|| ||1||21||60.00%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"||158e8189...||44100||2|| ||2||4||11.43%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||89cad797...||48000||2|| ||3||3||8.57%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||4baefb24...||44100||2|| ||4||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||89cad797...||96000||2|| ||5||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||4baefb24...||48000||2|| ||6||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" ||158e8189...||48000||2|| ||7||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||e8a01cca...||44100||2|| ||8||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||4baefb24...||44100||10000|| ||9||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||158e8189...||44100||32|| ||10||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ||158e8189...||44100||0|| I don't know if it can be generalized to the majority of the TBB population but it seems that most users should have the same combination of Sample rate/Channel count/Buffer hash. However, differences can still be observed between sample rate (44100Hz/48000Hz/96000Hz) and max channel count (0/2/32/10000) and users without the most common values may be more prone to fingerprinting than others. I added the hash to see if there was a link between these attributes and the rendered audio but this needs more investigation as noted by #comment:26. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:36> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs