A serious bug that allowed tracking users by installed applications was fixed in the TOR browser

The developers of the Tor Project released a new version of the Tor browser (10.0.18), in which they eliminated many bugs, including a vulnerability that allowed sites to track users based on the list of installed applications.

Back in May 2021, the company Fingerprints, which, as it is easy to understand from the name, is engaged in JavaScript fingerprinting, discovered a vulnerability that allows tracking users of various browsers, based on what applications are installed on their devices.

To do this, a special tracking profile is created, which tries to open different URL handlers in turn, for example, zoommtg://, and checks whether the browser is accessing, for example, the Zoom application.

This way, you can determine that the application is installed on the device. Going through numerous URL handlers, as a result, it can create a unique identifier and a user profile. This ID can then be tracked in different browsers, including Google Chrome, Wenge, Firefox, Safari and Tor Browser.

In the release of Tor Browser 10.0.18, specialists fixed this problem by setting the network.protocol-handler.external parameter to false. This parameter does not allow the browser to transfer the processing of a certain URL to an external application, then if it makes such an attack meaningless, it does not allow creating a list of applications installed on the device.


Keep your data secure & anonymous with top bitcoin tumblers