protocol flooding attack (scheme flood) - browser fingerprinting

Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox


Needs to be documented in Whonix wiki once tested, triaged:

Mitigation documented here just now:

Do not re-use the same VM for browsing and other applications.

  • Qubes-Whonix ™: Do not install additional applications in a TemplateVM that is intended to serve as base for AppVMs / DispVMs that run Tor Browser. Use multiple TemplateVMs. Use a dedicated TemplateVM, ideally updated and otherwise unmodified for AppVMs / DispVMs for browsing with Tor Browser.
  • Non-Qubes-Whonix ™: Use a dedicated or multiple Whonix-Workstation ™ for browsing with Tor Browser.

Consider using Multiple Whonix-Workstation ™ installing additional software. It is safer to compartmentalize discrete activities to minimize the threat of VM Fingerprinting. This protects from the schemeflood vulnerability [archive], which could be used for browser fingerprinting / identity correlation among VM / browser restarts. See also schemeflood.com (Browser Test).


It’s great that someone actually spent time to discover and warn about this.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]