protocol flooding attack (scheme flood) - browser fingerprinting

https://twitter.com/mfsylv/status/1397808311853109250

https://twitter.com/mfsylv/status/1397808305704157184/photo/1

Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox


related:


Needs to be documented in Whonix wiki once tested, triaged:
https://www.whonix.org/wiki/Browser_Tests#schemeflood.com

Mitigation documented here just now:
https://www.whonix.org/wiki/Tor_Browser#Unsafe_Tor_Browser_Habits

Do not re-use the same VM for browsing and other applications.

  • Qubes-Whonix ™: Do not install additional applications in a TemplateVM that is intended to serve as base for AppVMs / DispVMs that run Tor Browser. Use multiple TemplateVMs. Use a dedicated TemplateVM, ideally updated and otherwise unmodified for AppVMs / DispVMs for browsing with Tor Browser.
  • Non-Qubes-Whonix ™: Use a dedicated or multiple Whonix-Workstation ™ for browsing with Tor Browser.

Consider using Multiple Whonix-Workstation ™ when installing additional software. It is safer to compartmentalize discrete activities to minimize the threat of VM Fingerprinting. This protects from the schemeflood vulnerability, which could be used for browser fingerprinting / identity correlation among VM / browser restarts. See also schemeflood.com (Browser Test).

2 Likes
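To check the mitigation above, the following added example (not part of the original post or the Whonix wiki) lists the custom URL schemes that installed applications declare and shows which ones a modified template has beyond a clean browsing template. It assumes a Linux desktop where applications register handlers through freedesktop `.desktop` files (`MimeType=x-scheme-handler/<scheme>`); the function names, the `examplechat` scheme and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the URL-scheme handlers that a VM's installed
# applications declare in freedesktop .desktop files.

# list_scheme_handlers DIR... -> "scheme<TAB>desktop-file", sorted, unique
list_scheme_handlers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.desktop; do
            [ -f "$f" ] || continue
            # MimeType= holds a ';'-separated list; keep only scheme handlers.
            sed -n 's/^MimeType=//p' "$f" | tr ';' '\n' |
                sed -n 's|^x-scheme-handler/||p' |
                while IFS= read -r scheme; do
                    printf '%s\t%s\n' "$scheme" "$(basename "$f")"
                done
        done
    done | sort -u
}

# extra_schemes BASELINE_DIR CANDIDATE_DIR -> schemes only the candidate has
extra_schemes() {
    a=$(mktemp) && b=$(mktemp) || return 1
    list_scheme_handlers "$1" | cut -f1 | sort -u > "$a"
    list_scheme_handlers "$2" | cut -f1 | sort -u > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample: a clean browsing template vs. one with extra software.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/clean" "$root/modified"
    printf '[Desktop Entry]\nName=Browser\nMimeType=text/html;x-scheme-handler/http;x-scheme-handler/https;\n' \
        > "$root/clean/browser.desktop"
    cp "$root/clean/browser.desktop" "$root/modified/"
    printf '[Desktop Entry]\nName=Example Chat\nMimeType=x-scheme-handler/examplechat;\n' \
        > "$root/modified/examplechat.desktop"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Schemes added by extra software (constructed sample):"
extra_schemes "$sample/clean" "$sample/modified"   # prints: examplechat
rm -rf "$sample"
```

On a real system, point `list_scheme_handlers` at `/usr/share/applications` and `~/.local/share/applications` inside each VM and compare the output between the browsing template and any template with additional software installed.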

It’s great that someone actually spent time to discover and warn about this.

2 Likes