HackerHouse has published an investigation into using Windows DRM-protected files to unmask Tor Browser users.
The attack works against people running Tor Browser on Windows and requires them to ignore Tor’s warning that third-party files can expose their IP address.
“This is not an attack against Tor or the Tor Browser directly, but a useful way that could be leveraged to identify people attempting to access illegal media content (such as Daesh propaganda),” said HackerHouse.
The attack tricks a user into opening a digitally-signed Windows media file. Windows will automatically open an IE window and access a URL set by the signer to check the file’s licence.
Provided the file is properly signed, no warning other than the standard Tor Browser warning will be displayed – and the file’s creator will be able to get the IP address of the Tor user.