
Re: [tor-bugs] #10286 [Applications/Tor Browser]: Touch events leak absolute screen coordinates



#10286: Touch events leak absolute screen coordinates
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-resolution,       |  Actual Points:
  ff52-esr, tbb-testcase, tbb-firefox-patch,     |
  tbb-7.0-must-alpha, TorBrowserTeam201705       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:
     tbb-fingerprinting-resolution, ff52-esr, tbb-testcase, tbb-firefox-
     patch, tbb-7.0-must-alpha, TorBrowserTeam201705R
     =>
     tbb-fingerprinting-resolution, ff52-esr, tbb-testcase, tbb-firefox-
     patch, tbb-7.0-must-alpha, TorBrowserTeam201705
 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:25 arthuredelstein]:
 > I have thought some more and I now think my reasoning in comment:24 is
 wrong. Some laptop/desktop users will be using a touch screen or stylus
 frequently, which means that two such sessions can be positively
 correlated. That means we have allowed some fingerprinting, even if a
 third session where the Touch API is not used cannot be positively linked
 to the first two.
 >
 > So now I am inclined to disable the Touch API altogether. Here's a new
 branch with 3 patches. The first simply disables the pref. The next two
 patches are the same as before (censoring the true screenX, etc.); the
 latter two are included as a possible defense in depth, in case the Touch
 API gets activated by the user or by us in the future, but those patches
 are not absolutely necessary.
 >
 > https://github.com/arthuredelstein/tor-browser/commits/10286+2

 I think the approach is okay for now. We might want to think harder
 whether we want to enable touch support in the future by default and rely
 only on the spoofing.

 Arthur: Did you run the test? It seems it passes/fails depending on the
 platform which seems suboptimal. If that's the case can you fix that? Then
 there is a typo: 100286 (we don't have 6-digit bug numbers yet). I got
 confused by the pointer event references, in particular
 https://bugzilla.mozilla.org/show_bug.cgi?id=1000870 in the test. Is that
 the way to write tests for touch event related things?

 FWIW: I did not compile the code yet nor did I run a Tor Browser with the
 patches.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10286#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs