Tor Browser update no longer tracks what apps users install

After releasing Tor Browser 10.0 last year, the Tor Project has released a new incremental update for its browser that contains fixes for a number of bugs including one that could allow websites to track users based on the apps installed on their devices.

As reported by BleepingComputer, back in May, the fingerprinting firm FingerprintJS released details on a 'scheme flooding' vulnerability that could be exploited to track users across several different browsers based solely on the applications they've installed.

In order to track users, a tracking profile is created for each user by trying to open several application URL handlers and checking if the browser then launches a prompt. For those unfamiliar, these application URL handlers are often used by video conferencing software such as Zoom to launch a meeting after a link is clicked on in a user's browser.

If an application displays a prompt, then it's safe to assume that the software is installed on a user's device. The scheme flooding vulnerability disclosed by FingerprintJS checks these URL handlers in order to create an ID for each user based on the unique configuration of apps installed on their devices.

Preventing unwanted tracking in Tor

The ID created based on a user's installed apps can even be tracked across several different browsers including Google Chrome, Microsoft Edge, Tor Browser, Firefox and Safari.

However, this vulnerability is especially concerning for Tor users since one of the main draws of the anonymous browser is being able to protect one's identity and IP address from being logged by the sites they visit. Since this vulnerability can track users across browsers, it could be used by websites and potentially even law enforcement to track a user's real IP address when they switch to Chrome or any other browser after using Tor.

Thankfully though, the Tor Project has patched this vulnerability with the release of Tor Browser 10.0.18 which fixes the issue by setting the browser's 'network.protocol-handler.external' setting to false. Once updated, the browser won't be able to pass the handling of URLs to external applications and no more application prompts will appear that can be used to track users.

Tor Browser users can protect themselves from this vulnerability by opening the browser's menu, going to Help and selecting About Tor Browser to automatically check for and install any new updates. However, the new update can also be downloaded manually from the Tor Browser download page or the Tor Project's distribution directory.

Via BleepingComputer

How It works

Search Crack for

Latest IT News

Jul 30
Microsoft has added several new features to Microsoft Visual Studio 2022 Preview 2 including a brand-new Hot Reload experience.
Jul 30
Take data security beyond the perimeter with Tresorit
Jul 30
Business phone systems are as relevant today as they've ever been and offer some useful advantages over consumer phone lines.
Jul 30
Here's everything you need to know about Windows 11, including news, rumors and upcoming features.
Jul 30
Microsoft has updated the new store in Windows 11 with better user interface fixes and improvements.
Jul 30
Microsoft Teams and Windows 11 take over as we wave goodbye to Skype for Business.
Jul 30
Microsoft wants people to move from the Dev Channel to the new Beta Channel, but some users are already reporting problems.

Latest cracks