Conversation

Reading between the lines of my #Tor dev mailing list post: lists.torproject.org/pipermail/tor- How does breaking software monocultures affect fingerprinting? CC:

@torproject

#opsec #fingerprinting #privacy

Also CC:

. Curious about how changing the heap impl at the OS level, so even libc picks it up, would affect fingerprinting. Or, generalized: how changing certain low-level OS bits affect fingerprinting.

Replying to

and

Ages ago

did p0f for passive OS fingerprinting. I guess it's just more entropy, more things that can change at runtime but they still can be included in the final model.

Replying to

I’d defer to

and

... pretty much anyone who knows more about heap implementations than I do. Opsec is too complex to make any categorical statements.

Replying to

Agreed. From a JS-in-a-browser perspective, it'd be interesting to see how breaking monocultures of various low-level system components affects fingerprinting. Does jemalloc produce different timings visible to JS than hardened_malloc? (Thinking out loud.)

Replying to

Yes, definitely, see the thread I wrote at twitter.com/DanielMicay/st. Chromium uses the system allocator rather than TCMalloc on Android so Vanadium on GrapheneOS uses hardened_malloc. My assumption is that with JavaScript enabled it can be identified as Vanadium on GrapheneOS.

Quote Tweet

Daniel Micay

@DanielMicay

Aug 5, 2019

blog.jse.li/posts/chrome-7 This applies to many of the ongoing attempts at anti-fingerprinting across browsers. Performance testing can bypass many of the attempts at hiding information about the hardware and OS too. It can also be quite reliable. Talked about this a few days ago.

Show this thread

Replying to

Chromium makes heavy usage of specialized allocators so someone would need to find something exposed to JavaScript that depends on the system allocator to measure it. There are other approaches though. In general, you cannot hide much about the hardware or the OS from JavaScript.

Replying to

The Tor Browser's anti-fingerprinting can't hide much about the hardware and OS with JavaScript enabled. Users can also still be fingerprinted via things like keyboard / mouse input. They remove a lot of surface for fingerprinting but it's often unclear what is accomplished.

4:12 AM · Aug 18, 2019Twitter Web App

Replying to

On a separate note, got to love the Mozilla employee in that thread not understanding the question and trying to imply that jemalloc isn't a massive security liability. Not sure why people attack a project without even reading the basic documentation like github.com/GrapheneOS/har.

github.com

hardened_malloc/README.md at main · GrapheneOS/hardened_malloc

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-base...

Replying to

They bring up partitioning and it's important to note their usage of jemalloc arenas as partitions has address space interspersed and reused between them. I see they have a project of trying to harden jemalloc by bolting on features and unfortunately that's not how this works.

Show replies