Warning message when accessing duckduckgo.com using the Tor Browser Bundle

[Old Forum guest] anonymous
Created: 6 years and 4 months ago
Using the most recent version of the Tor Browser Bundle for 64-bit GNU/Linux (Version 2.2.39-3), the following notification popped up when accessing https://duckduckgo.com:
This website (duckduckgo.com) attempted to access image data on a canvas. Since canvas image data can be used to discover information about your computer, blank image data was returned this time.
I don't know anything about this subject matter myself so could someone explain to me what information duckduckgo.com is trying to get and why this is useful?

Here's a picture of the message:


This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


zac
Thanks for bringing this to our attention! I updated to the latest version of Tor and now I'm having the same issue : |

Probably a small glitch on our side--we'll investigate asap!


-Zac

DuckDuckGo Community Manager
posted by zac Staff6 years and 4 months ago Link
anonymous
At first glance and after having a brief internal talk this looks to be the result of anti-alias detection upon initialization.  It also bleeds into the SERP pages.  I'll investigate a bit.

This is a warning issued by TorButton which is an extension not a part of the proxy.
posted by [Old Forum guest] • 6 years and 4 months ago Link
caine
the above post was from me.
posted by caine Staff6 years and 4 months ago Link
anonymous
Still having the same problem with tor-browser-2.3.25-4_en-US
posted by [Old Forum guest] • 5 years and 11 months ago Link
zac
Thanks!---I see it as well. We'll take a look. 



-Zac

DuckDuckGo Community Manager
posted by zac Staff5 years and 11 months ago Link
zac
Just an update to this--we're still looking into a fix but it's a problem with font detection. There aren't any security implications, as it's only an issue on our end.


-Zac

DuckDuckGo Community Manager
posted by zac Staff5 years and 11 months ago Link
anonymous
10 months since OP comment, and I saw the warning just now (Sept 2013)
posted by [Old Forum guest] • 5 years and 5 months ago Link
anonymous
It is adjusting the fonts. Use https://duckduckgo.com/lite or https://duckduckgo.com/html if you're scared.
posted by [Old Forum guest] • 5 years and 5 months ago Link
anonymous
11 monthes and still nothing, no one cares ?
posted by [Old Forum guest] • 5 years and 5 months ago Link
anonymous
The problem with them using this method to "adjust fonts", as shown by recent FISA orders and the takedown of Freedom Hosting and use of exploits for holes in tor browser bundle, is that the govt will stop at nothing to watch what everyone is doing, even violating unlawful search and seizure limitations of the constitution.

Here's a plausible situation:

User gets tor browser bundle and sees the warning.
User searches for reasons why.
User finds it's just a "font adjustment" on sites like this and decides to "Allow in the future" this type of activity.
Feds issue a FISA order and/or seize the duckduckgo servers and get the canvas snooping changed to start doing fingerprinting of the machine.
User's identity is compromised because he decided to "Allow in the future" the snooping.
So much for "Search anonymously".
posted by [Old Forum guest] • 5 years and 5 months ago Link
yegg
As Zac said, this has to do with our font choice, Segoe UI. Unfortunately it looks terrible on computers without anti-aliasing and so we check the canvas to see if anti-aliasing is on or not. if it is on, we go with the font. If not, it falls back to Arial.

We are in the midst of a redesign that should make this issue go away.
posted by yegg Staff5 years and 5 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 4 years and 5 months ago