[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability

Subject: Re: [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 10 Sep 2014 19:20:38 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 Sep 2014 15:20:50 -0400
In-reply-to: <049.3a8b46022c44ae559e4586a2a4335910@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.3a8b46022c44ae559e4586a2a4335910@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  brade
  mikeperry              |     Status:  assigned
         Type:  task     |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-fingerprinting,
  Browser                |  TorBrowserTeam201409
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mcs):

 Kathy and I also reviewed the canvas APIs.  Here are a few of our
 observations:

 * The willReadFrequently canvas option is disabled by default (the
 gfx.canvas.willReadFrequently.enable pref must be added with the value
 true) so we do not need to worry about this.

 * We have not done anything to block use of isPointInPath() and
 isPointInStroke().  Do we need to block these?

 * We have not done anything to block use of measureText().  Theoretically,
 it could be used to detect differences based on available fonts or
 rendering differences.  Do we need to block this?

 * In ESR31, ToBlob() accepts options to allow callers to specify encoding
 options such as JPEG quality.  Kathy and I do not think this is a
 fingerprinting vector since, by default, white image data is returned.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #12206 [Tor]: Switch to one guard per client
Next by Author: [tor-bugs] #13121 [Tor]: App Conflict
Previous by thread: Re: [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
Next by thread: Re: [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
Index(es):
- Author
- Thread