Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
Needs to be documented in Whonix wiki once tested, triaged:
Mitigation documented here just now:
Do not re-use the same VM for browsing and other applications.
- Qubes-Whonix ™: Do not install additional applications in a TemplateVM that is intended to serve as a base for AppVMs / DispVMs that run Tor Browser. Use multiple TemplateVMs. Use a dedicated TemplateVM, ideally updated and otherwise unmodified, for AppVMs / DispVMs for browsing with Tor Browser.
- Non-Qubes-Whonix ™: Use a dedicated or multiple Whonix-Workstation ™ for browsing with Tor Browser.
Consider using Multiple Whonix-Workstation ™ when installing additional software. It is safer to compartmentalize discrete activities to minimize the threat of VM Fingerprinting. This protects from the schemeflood vulnerability, which could be used for browser fingerprinting / identity correlation across VM / browser restarts. See also schemeflood.com (Browser Test).
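
A check for the advice above, as an added example that is not part of the original post or the Whonix wiki: it lists the custom URL scheme handlers that installed applications register in a VM and reports those absent from a baseline taken on an unmodified template. It assumes handlers are registered through freedesktop `.desktop` files (`MimeType=x-scheme-handler/...`); `BASELINE`, `SAMPLE` and the application name are constructed values.

```python
import configparser
from pathlib import Path

# Standard freedesktop application directories (assumed defaults).
APP_DIRS = [Path("/usr/share/applications"),
            Path("/usr/local/share/applications"),
            Path.home() / ".local/share/applications"]
# Constructed baseline: record the real one on a fresh, unmodified template.
BASELINE = {"http", "https", "mailto"}
# Constructed sample entry for a hypothetical application.
SAMPLE = """[Desktop Entry]
Name=Example Chat
Exec=examplechat %u
MimeType=x-scheme-handler/examplechat;text/html;
"""
PREFIX = "x-scheme-handler/"

def schemes_in_desktop_entry(text):
    """Return the URL schemes one .desktop entry registers via MimeType=."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read_string(text)
        mime = parser.get("Desktop Entry", "MimeType", fallback="")
    except configparser.Error:
        return set()  # malformed entry: nothing usable
    types = (m.strip() for m in mime.split(";"))
    return {m[len(PREFIX):].lower() for m in types if m.startswith(PREFIX)}

def installed_schemes(dirs=APP_DIRS):
    """Map each registered scheme to the .desktop files that claim it."""
    found = {}
    for d in (p for p in map(Path, dirs) if p.is_dir()):
        for f in sorted(d.glob("*.desktop")):
            try:
                text = f.read_text(errors="replace")
            except OSError:
                continue
            for scheme in schemes_in_desktop_entry(text):
                found.setdefault(scheme, set()).add(f.name)
    return found

def extra_schemes(found, baseline=BASELINE):
    """Schemes present in this VM but not in the baseline template."""
    return {s: sorted(n) for s, n in found.items() if s not in baseline}

if __name__ == "__main__":
    print("sample entry registers:", schemes_in_desktop_entry(SAMPLE))
    for scheme, files in sorted(extra_schemes(installed_schemes()).items()):
        print(f"not in baseline: {scheme}:// ({', '.join(files)})")
```

Any scheme it reports comes from software added on top of the template, which is the kind of difference a dedicated, otherwise unmodified browsing VM avoids.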