[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17412 [Tor Browser]: High-precision timestamps in JS



#17412: High-precision timestamps in JS
-----------------------------+--------------------------
 Reporter:  arthuredelstein  |          Owner:  tbb-team
     Type:  defect           |         Status:  new
 Priority:  Medium           |      Milestone:
Component:  Tor Browser      |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:                   |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+--------------------------

Comment (by lhansen):

 For the original shared memory issue (high-precision timer obtained by
 counting in shared memory), you could disable SharedArrayBuffer - this is
 easy, and unless shared memory becomes widely used it will impact few
 users.  (However it's possible shared memory will become widely used
 simply because it creates a high-bandwidth communication channel between
 the main thread and a worker.)

 Another solution that is discussed in that ticket is to manipulate the
 workers' thread affinity so that all workers are run on the same OS thread
 as the tab's main thread.  Since Firefox multiplexes a single thread
 across all tabs, this amounts to running all workers on the main thread as
 well (but preemptively).  As an even more elaborate countermeasure, it's
 probable that the thread affinity could be manipulated like that only for
 workers that receive a shared memory object - that's probably the sweet
 spot.

 Note however that there are other problems brought up in that thread -
 there's a report (unconfirmed so far) that Web Audio provides access to
 (racy) shared memory that could be used in the same way, and several of us
 have tried to construct high-resolution timers from low-resolution timers,
 with varying success.  Adding jitter to the high-resolution timers such as
 performance.now in addition to reducing its resolution will probably be a
 good start.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17412#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs