What fingerprinting techniques (canvas, audio, WebGL, fonts, timing) still work against Tor Browser in 2025?
Executive summary
Tor Browser in 2025 blocks or standardizes many high‑entropy vectors—canvas reads are blocked/standardized, WebGL readPixels is disabled or hard‑ened, fonts are limited with fallback lists, and timing sources are rate‑limited via uniform resolutions and letterboxing; yet academic and industry work shows traffic‑level website‑fingerprinting and other side channels still pose risks [1] [2] [3] [4].
1. Why Tor treats fingerprinting as its top application‑layer threat
The Tor Project treats browser fingerprinting as a primary, persistent danger and has built multiple defenses into Tor Browser: letterboxing to hide exact window/screen sizes, user‑agent spoofing and first‑party isolation, and default fallback fonts to blunt font and canvas differences [5] [1] [6]. Tor documentation and support pages explicitly state the browser “prevents fingerprinting” through a combination of measures rather than a single silver bullet [7] [5].
2. Canvas and audio: blocked, standardized, or randomized — with caveats
Tor Browser returns standardized or blank canvas data and presents warnings when sites attempt canvas reads; the project added randomized or identical image responses so canvas image extraction cannot easily single out users [8] [9] [10]. Sources note Tor’s canvas defenses are effective for the most common attacks but cannot distinguish legitimate uses from fingerprinting, so sites may still request access and the warning alone is not proof of malicious intent [8]. Audio fingerprinting is recognized as a similar high‑entropy vector in the broader fingerprinting literature, and Tor’s general script restrictions and NoScript integration reduce exposure [11] [2].
3. WebGL: disabled reads and ongoing hard engineering tradeoffs
Tor historically disabled WebGL readPixels to prevent pixel‑level GPU fingerprints; upstream work shows Tor relaxed some WebGL while keeping readPixels blocked and set a “min capability” mode to reduce variability [3] [12]. Mozilla bug discussions and Tor issue trackers make clear WebGL cannot be made fully unfingerprintable and that modifications risk signaling “anti‑fingerprinting” modes that themselves become an identifying marker [13] [12]. In short: Tor mitigates many WebGL vectors but WebGL remains a complex, imperfect surface [13].
4. Fonts: whitelists, fallback fonts and an engineering roadmap
Tor limits the number of fonts a page can probe and ships default fallback fonts so font‑probing across users looks similar, but the rendering dimensions of glyphs are not fully spoofed and font‑list leakage remains a hard problem [6] [14]. The project has an active roadmap and bug tickets for font‑whitelisting and other font defenses—signal that font fingerprinting is reduced but not declared solved [15] [16].
5. Timing and JS-based side channels: uniformity and limits
Tor sets JavaScript clock sources and event timestamps to fixed resolutions to prevent high‑precision timing fingerprints such as typing‑timing and other interval‑based identifiers [6]. Tor also bundles NoScript and canvas/image extraction blocking to limit active script fingerprinters [2]. However, independent reviewers stress that blocking JS entirely makes users more unique; selective JS features are necessary for site functionality, so timing defenses are a balance between usability and anonymity [17].
6. Network‑level traffic fingerprinting remains a distinct and real threat
Separate from browser API fingerprinting, website traffic‑fingerprinting (WF) attacks that analyze packet timing, size and guard‑to‑Tor patterns can reliably infer visited sites if an adversary observes the path between the user and the Tor entry node; multiple papers and live‑relay experiments show WF remains a high‑accuracy threat [18] [4]. Tor mitigations at the network layer are a different engineering problem; browser anti‑fingerprinting does not defend against WF [18] [4].
7. Practical takeaway: strong but not invulnerable — choose your tradeoffs
Available reporting shows Tor Browser in 2025 offers industry‑leading reductions in canvas, WebGL readouts, font leakage and high‑resolution timing fingerprints through standardization, blocking and UI warnings [1] [2] [3] [6]. But researchers and vendor writeups emphasize remaining gaps: WebGL can still leak, font glyph metrics are not fully spoofed, timing tradeoffs exist, and traffic‑analysis attacks operate outside the browser defense model [13] [14] [4]. Users whose threat model includes powerful network observers or highly motivated cross‑browser linkage should treat Tor as a strong mitigation but not an absolute guarantee [4] [17].
Limitations of this report: reporting above synthesizes the provided sources only; available sources do not mention any 2025 Tor release notes that claim “complete” elimination of any single vector. Sources disagree on whether some mitigations (e.g., WebGL relaxations) increase usability at the cost of new fingerprint signals—Tor and Mozilla discussions explicitly record that tension [12] [13].