Awesome that it was responsibly disclosed and that Firefox has already put out a fix.
Since the Bugzilla is still restricted, this was the needed fix: Bug 2024220 - IDB database must return a sorted list. r=dom-storage-r… · mozilla-firefox/firefox@2c28194 · GitHub
Interesting that they disclosed that, seems to be against their business interests
How so?
They reported it to Mozilla and Tor.
from their CTO
but I don’t use their product, so can’t tell how they actually work.
Can we get a Not an Expert; Didn’t Understand?
Because the behavior is process-scoped rather than origin-scoped, unrelated websites can independently observe the same identifier and link activity across origins during the same browser runtime.
Does this mean that the identifier disappears after the browser is closed? Meaning that fingerprinting between activities that are separated by closing the browser cannot take place with this method?
That was my understanding from reading the report, but I am certainly not an expert in browser fingerprinting.
Worth noting this apparently only allows fingerprinting within a given process, so your identity can be correlated in Tor Browser across sites and after using “New Identity”, but not across full browser restarts.
Still really bad, but based on the headline and use of the word “Stable” I assumed it was tied to some kind of hardware property and couldn’t be mitigated at all.
Yes, at least based on how they describe it in the article.
My guess would be that they already have other methods to fingerprint users and wouldn’t need to rely on this, which could also be used by competitors.