Security News > 2021 > May > Tor users, beware: 'Scheme flooding' technique may be used to deanonymize you
FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.
That means, for example, if you browse the web using Safari, Firefox, or Chrome for some websites, and use the Tor browser to anonymously view others, there is a possibility someone could link your browser histories across all those sessions using a unique identifier, potentially deanonymize you, and track you around the web.
The various affected browsers should defend against scheme flooding but they don't.
Chrome, alone among the major browsers, has implemented scheme flood protection that requires user interaction to launch a custom scheme resource.
In Firefox and Safari, scheme flooding works because the browser loads different internal pages depending upon whether the requested app is present or absent, which is all the information needed for that bit in the 32-bit app-count identifier.
Browser makers should address scheme flooding nonetheless.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/14/browser_fingerprinting_flaw/