Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

[Joe Btfsplk <joebtfsplk@xxxxxxx>]

On 5/7/2013 5:27 PM, Moritz Bartl wrote:
> https://www.torproject.org/projects/torbrowser/design/
>
> "WebGL can reveal information about the video card in use, and high
> precision timing information can be used to fingerprint the CPU and
> interpreter speed."
> [...]
> The adversary simply renders WebGL, font, and named color data to a
> Canvas element, extracts the image buffer, and computes a hash of that
> image data. Subtle differences in the video card, font packs, and even
> font and graphics library versions allow the adversary to produce a
> stable, simple, high-entropy fingerprint of a computer. In fact, the
> hash of the rendered image can be used almost identically to a tracking
> cookie by the web server.
> [...]
> WebGL is fingerprintable both through information that is exposed about
> the underlying driver and optimizations, as well as through performance
> fingerprinting.
>
> Because of the large amount of potential fingerprinting vectors and the
> previously unexposed vulnerability surface, we deploy a similar strategy
> against WebGL as for plugins. "
OK, thanks for detailed reply.  Now that the "adversary" has a 
fingerprint of my machine (therein lies the problem - the data being 
given out), unless they're the gubment & I'm a bad guy (or living in a 
represses society), what are they going to do w/ that info?  In the real 
world, not, "theoretically, they could..."  Let's assume I haven't done 
anything that falls under criminal court jurisdiction & very unlikely 
anything even falling under civil court jurisdiction.

This is good info to know.  My wondering about another method of using a 
stand alone media player (not browser plugin) that plays Flash or WebGL 
content, & whether it avoids some of these issues, is in another post, 
today.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk