Re: [Tails-dev] [Tails-news] Tails 3.13.2 is out

Delete this message

Reply to this message
Author: anonym
Date:  
To: Georg Koppen, The Tails public development discussion list
Subject: Re: [Tails-dev] [Tails-news] Tails 3.13.2 is out
[Whoops, dropped tails-dev in my first attempt to answer.]

Georg Koppen:
> Tails - News:
>> This release is an emergency release to fix a critical security vulnerability
>> in _Tor Browser_.
>>
>> It also fixes [other security
>> vulnerabilities](https://tails.boum.org/security/Numerous_security_holes_in_3.13.1/).
>> You should upgrade as soon as possible.
>>
>> # Changes
>>
>> ## Fixed _NoScript_ activation in _Tor Browser_
>>
>> Starting from Friday May 3, a problem in _Firefox_ and _Tor Browser_ disabled
>> all add-ons. This release reactivates all add-ons in _Tor Browser_, especially
>> _NoScript_ which is used to:
>>
>> * Most importantly, protect against a very strong fingerprinting technique called _HTML5 canvas fingerprinting_ which can break your anonymity.
>
> Hm. How does it do that? In particular, what does it do in addition to
> the defense we baked into Tor Browser and which is not NoScript
> dependent? (see the: "Specific Fingerprinting Defenses in the Tor
> Browser", subsection 2. HTML5 Canvas Extraction at
> https://2019.www.torproject.org/projects/torbrowser/design/)


There's been a misunderstanding. We were supposed to talk about fingerprinting enabled by the loss of NoScript's WebGL click-to-play, not HTML5 canvas fingerprinting.

Cheers!