The following is a list of tests that can be used to detect Torbutton, whether it is enabled, and what platform it is running on, along with other privacy and anonymity attacks.
Versions tested are outdated! Last tested with:
detect-torbutton-chrome: a simple chrome check against an image to see if Torbutton has been installed.
NOTE: Fixed as of Torbutton 1.1.14-alpha.
detect-torbutton-script: another chrome check but against a script file; also detects if Torbutton is enabled by examining state of window.__tb_hooks_ran.
NOTE: Fixed as of Torbutton 1.1.14-alpha.
detect-torbutton-linux: same checks as above, but additionally looks for Linux specific "resource:///icons/".
NOTE: Fixed as of Torbutton 1.1.14-alpha.
detect-torbutton-platform: same checks as above, but looks at Windows, Mac OS X and Linux specific files to determine platform.
NOTE: Fixed as of Torbutton 1.1.14-alpha.
detect-torbutton-path: same checks as above, but determines browser installation path using stylesheet to "resource:///res/viewsource.css".
NOTE: Fixed as of Firefox 2.0.0.12 (Bug 397427 - [FIX]Stylesheet href property shows redirected URL unlike other browsers).
show-buildid: the 'navigator.buildID' property leaks information. (Note: IceCat displays "0000000000").
NOTE: Fixed as of Torbutton 1.1.14-alpha.
show-oscpu-productsub: the 'navigator.oscpu' and 'navigator.productSub' leak information (and are not reset after toggle).
NOTE: can be unmasked in Torbutton.
show-oscpu: the 'navigator.oscpu' property leaks information.
NOTE: can be unmasked in Torbutton.
detect-historyhook-timeout: detect the Torbutton history hook preference setting using a timeout.
detect-historyhook-alert: detect the Torbutton history hook preference setting using an alert.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
unmask-oscpu-productsub: reveal actual 'navigator.oscpu' and 'navigator.productSub' values.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
unmask-date: reveal actual Date values.
unmask-history-navigation: reveal actual 'window.history' functions.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
unmask-buildid: reveal actual 'navigator.buildID' value.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
read-resource-prefs: attempt to read original user-agent values from resource prefs.
NOTE: Fixed as of Torbutton 1.1.14-alpha.
detect-torbutton-viewsource-chrome: use 'view-source:' to perform chrome check against an image to see if Torbutton has been installed.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
detect-torbutton-viewsource-script: use 'view-source:' against a chrome script file.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
detect-torbutton-viewsource-linux: use 'view-source:' to perform examination of Linux specific "resource:///icons/".
NOTE: Fixed as of Torbutton 1.1.15-alpha.
detect-torbutton-viewsource-platform: use 'view-source:' to load Windows, Mac OS X and Linux specific files to determine platform.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
read-viewsource-resource-prefs: attempt to read original user-agent values by using 'view-source:' of resource prefs.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
unmask-screen: reveal actual screen values.
NOTE: Fixed as of Torbutton 1.1.15-alpha.
unmask-proto-oscpu-productsub: reveal actual 'navigator.oscpu' and 'navigator.productSub' values by deleting through '__proto__'.
unmask-proto-date: reveal actual Date values by deleting through '__proto__'.
unmask-proto-history-navigation: reveal actual 'window.history' functions by deleting through '__proto__'.
unmask-proto-screen: reveal actual screen values by deleting through '__proto__'.
unmask-proto-buildid: reveal actual 'navigator.buildID' value by deleting through '__proto__'.
unmask-navigator-xpcnativewrapper: reveal actual 'window.navigator' values by using XPCNativeWrapper.
unmask-screen-xpcnativewrapper: reveal actual 'window.screen' values by using XPCNativeWrapper.
unmask-history-xpcnativewrapper: reveal actual 'window.history' values by using XPCNativeWrapper.
unmask-proto-history-multiple: reveal actual 'window.history' functions by using multiple methods of fixing 'window.__proto__' and then deleting through '__proto__'.
unmask-history-proto-xpcnativewrapper: reveal actual 'window.history' functions by accessing original XPCNativeWrapper function from global object '__proto__'.
unmask-history-delete-xpcnativewrapper: reveal actual 'window.history' functions by deleting XPCNativeWrapper from the 'window' scope to access original XPCNativeWrapper function.
unmask-oscpu-buildid-delete-xpcnativewrapper: reveal actual 'navigator.oscpu' and 'navigator.buildID' values by deleting XPCNativeWrapper from the 'window' scope to access original XPCNativeWrapper function.
detect-torbutton-block: use overly broad Torbutton blocking to detect Torbutton.
unmask-date-javascript-link: reveal actual Date value timezone offset by using 'javascript:' URL to construct CSS stylesheet link.
unmask-navigator-iframe-javascript: reveal actual 'window.navigator' functions by accessing original XPCNativeWrapper function retrieved from 'javascript:' URL.
unmask-history-iframe-javascript: reveal actual 'window.history' functions by accessing original XPCNativeWrapper function retrieved from 'javascript:' URL.
unmask-screen-iframe-javascript: reveal actual 'window.screen' functions by accessing original XPCNativeWrapper function retrieved from 'javascript:' URL.
unmask-sandbox-xpcnativewrapper: reveal actual 'window' functions by accessing original XPCNativeWrapper function retrieved from the 'Sandbox' object.
read-resource-jar-locale: attempt to determine the actual locale by reading chrome via 'resource:'.
test-update-locale: in Firefox 3.5, an 'update.locale' file was added; this can be sourced as script via 'resource:'.
Tests based on the following publicly disclosed information: