Tech · fingerprint.com
fingerprint.com found a stable Firefox identifier linking all your private Tor identities
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
The fix is straightforward in principle: the browser should not expose internal storage ordering that reflects process-scoped state.
Key facts
- Mozilla has quickly released the fix in Firefox 150 and ESR 140.10.0, and the patch is tracked in Mozilla Bug 2024220
- Mozilla has released the fix in Firefox 150 and ESR 140.10.0, and the patch is tracked in Mozilla Bug 2024220
- With 16 controlled names, the theoretical space is about 44 bits
- In affected Firefox Private Browsing and Tor Browser builds, both origins observe the same permutation during the lifetime of the same browser process
Summary
This means a website can create a set of IndexedDB databases, inspect the returned ordering, and use that ordering as a fingerprint for the running browser process. In Firefox Private Browsing mode, the identifier can also persist after all private windows are closed, as long as the Firefox process remains running. The team responsibly disclosed the issue to Mozilla and to the Tor Project. Private browsing modes and privacy-focused browsers are designed to reduce websites' ability to identify users across contexts. First, unrelated websites should not be able to tell they are interacting with the same browser instance unless a shared storage or explicit identity mechanism is involved.