Seems like a non-issue in Whonix.
For me, ClientRects Fingerprinting - BrowserLeaks shows the same Full Hash in,
- a Qubes-Whonix-Workstation Tor Browser as well as in a
- a Non-Qubes-Whonix-Workstation Tor Browser
on completely different hardware.
I don’t really want to publish my Full Hash and if this thing is real then I would discourage anyone else to abstain from this too as this could link your Full Hash to your unchangeable Tor Browser “pseudonym” (Full Hash). It would be similar to a “permanent IP address”. Running the Full Hash through a hashing function such as sha512 also would not help. Any adversary that knew the full hash could easily run it themselves through sha512. Comparing the secret securely without revealing it would require something innovative such as zero knowledge proofs but I am not aware of any application that allows to do that.
Excluded possibilities:
- Test totally broken, showing every visitor the same value. Imagine that. We would worry about nothing. This is clearly not the case since the test shows different things for different browsers for example when viewing the test website through web.archive.org so it’s fingerprinting something.