[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner:
Type: task | arthuredelstein
Priority: Very High | Status:
Component: Applications/Tor Browser | assigned
Severity: Critical | Milestone:
Keywords: tbb-fingerprinting-os, tbb-easy, | Version:
TorBrowserTeam201605 | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:25 arthuredelstein]:
> The Web Audio API looks to me like something that would only have
occasional legitimate uses. Most sites using audio do not need to do any
sound processing on the fly. Many games need only to play sound samples,
which can be done with <audio> elements and don't require Web Audio. Uses
for Web Audio I can think of include 3D games or other immersive content,
music sequencers or audio/video editing apps. So, because these are fairly
unusual, I think one efficient defense would be to prompt the user before
allowing content to instantiate an AudioContext object, very similar to
how we prompt before HTML5 Canvas image extraction (#6253).
I think the prompt is a good solution if indeed the Web Audio API reveals
more about a browser/machine/OS than the JS Math interface. If not, fixing
the JS Math interface should fix this problem? Not sure...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs