Re: [tor-bugs] #7084 [Firefox Patch Issues]: “Canvas image extraction prompt” displays useless message
#7084: “Canvas image extraction prompt” displays useless message
-------------------------------------+--------------------------------------
     Reporter:  rransom              |      Owner:  mikeperry
         Type:  defect               |     Status:  closed
     Priority:  normal               |  Milestone:
    Component:  Firefox Patch Issues |    Version:
   Resolution:  not a bug            |   Keywords:
       Parent:                       |     Points:
 Actualpoints:                       |
-------------------------------------+--------------------------------------
Changes (by mikeperry):

* status: reopened => closed
* resolution: => not a bug

Comment:

It is not about the icon. That is just where the warning appears. The HTML
Canvas is a general purpose rendering surface. We display the warning if
websites attempt to render image data and then silently extract it,
because this is a major, high-entropy, highly stable fingerprinting
vector.

However, eliminating this warning entirely makes it impossible to use web-
based image editing tools. Sure, these tools might not be prevalent or
popular now aside from lolcat generation, but silently breaking them for
everyone is not a long-term solution either.

If there really are first/third parties that are drawing to the canvas and
silently extracting that data for whatever use, this is something we
should bring to the attention of the EFF and other anti-fingerprinting web
advocates so they can pressure those sites to stop that activity. That is
the right way to handle these messages.

I've updated #7265 to hopefully reduce the prevalence of the message (we
can probably simply block third parties and just log, for example) and
make it easier to determine the actual offending party. That ticket is on
the schedule for the next few months.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7084#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
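
The handling the comment proposes (prompt when the first party extracts canvas data, block third parties without a prompt, and log every attempt so the responsible script can be identified), sketched as an added JavaScript example. It is not Tor Browser code or part of the original message; the class and method names, the host-equality test for "first party", and the sample URLs are assumptions.

```javascript
// Added illustration; not Tor Browser code. All names are hypothetical.
// Simplification (assumption): "first party" means the script's host equals
// the URL-bar host. A real browser would compare registrable domains.
class CanvasExtractionPolicy {
  constructor() {
    this.userChoices = new Map(); // first-party host -> "allow" | "deny"
    this.log = [];                // one record per extraction attempt
  }

  // Store the user's answer to the prompt for a first-party host.
  remember(firstPartyHost, choice) {
    this.userChoices.set(firstPartyHost, choice);
  }

  // Decide what a canvas read-back call (toDataURL, getImageData, toBlob) gets.
  decide({ topLevelUrl, scriptUrl, api }) {
    const firstParty = new URL(topLevelUrl).hostname;
    const caller = new URL(scriptUrl).hostname;
    const thirdParty = caller !== firstParty;
    let action;
    if (thirdParty) {
      action = "block";   // never prompt for third parties, only log
    } else if (this.userChoices.has(firstParty)) {
      action = this.userChoices.get(firstParty) === "allow" ? "allow" : "block";
    } else {
      action = "prompt";  // ask the user; no pixel data is returned meanwhile
    }
    this.log.push({ firstParty, caller, scriptUrl, api, thirdParty, action });
    return action;
  }

  // Script URLs that attempted extraction without user approval.
  unapprovedCallers() {
    return this.log.filter((e) => e.action !== "allow").map((e) => e.scriptUrl);
  }
}

// Constructed sample calls: an image editor page that embeds a third-party script.
const policy = new CanvasExtractionPolicy();
const page = "https://editor.example/app";
const own = "https://editor.example/edit.js";
const results = [
  policy.decide({ topLevelUrl: page, scriptUrl: "https://tracker.example/fp.js", api: "toDataURL" }),
  policy.decide({ topLevelUrl: page, scriptUrl: own, api: "toBlob" }),
];
policy.remember("editor.example", "allow"); // user approves the editor
results.push(policy.decide({ topLevelUrl: page, scriptUrl: own, api: "toBlob" }));
console.log(results, policy.unapprovedCallers());
```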