Closed
Bug 1372069
Opened 7 years ago
Closed 7 years ago
Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true
Categories
(Core :: DOM: Geolocation, enhancement, P1)
Core
DOM: Geolocation
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox56 | --- | fixed |
People
(Reporter: timhuang, Assigned: timhuang)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fingerprinting][tor][fp:m2])
Attachments
(2 files)
The geolocation API can show the location of a given user, which is a fingerprinting vector. So, we want to find a way to nerturalize the possibility of fingerprinting when 'privacy.resistFingerprinting' is on. Although, it requires the permission from the user to access this API. But, if users have granted this permission before 'privacy.resistFingerprinting' is on, then the website can still access this API without informing the user. Or a user may grant this incautiously. Both cases are what we don't want to see when 'privacy.resistFingerprinting' is on. Ehsan has suggested that we can use a similar way of Bug 1072859 that throwing an exception when the API entry points are called.
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment 3•7 years ago
|
||
mozreview-review |
Comment on attachment 8886081 [details] Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/156888/#review162004
Attachment #8886081 -
Flags: review?(bugs) → review+
Comment 4•7 years ago
|
||
mozreview-review |
Comment on attachment 8886082 [details] Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/156890/#review162006
Attachment #8886082 -
Flags: review?(bugs) → review+
Comment hidden (mozreview-request) |
Comment 6•7 years ago
|
||
mozreview-review |
Comment on attachment 8886081 [details] Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/156888/#review162330
Attachment #8886081 -
Flags: review?(arthuredelstein) → review+
Comment 7•7 years ago
|
||
mozreview-review |
Comment on attachment 8886082 [details] Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/156890/#review162332
Attachment #8886082 -
Flags: review?(arthuredelstein) → review+
Assignee | ||
Comment 8•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=93c5486316b7
Keywords: checkin-needed
Updated•7 years ago
|
Priority: -- → P1
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/a450b50c2222 Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug https://hg.mozilla.org/integration/autoland/rev/5cc6976b59ce Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug
Keywords: checkin-needed
Comment 10•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/a450b50c2222 https://hg.mozilla.org/mozilla-central/rev/5cc6976b59ce
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Comment 11•7 years ago
|
||
Verified on Mac OS 10.12.6 with Nightly 58.0a1 (2017-10-25) (64-bit) Verification steps: ##### Test case 1: 1. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation 2. Click on "Try it" 3. In the pop-up, allow website to receive your location Expected result: The website displays your correct location Actual result: Same as expected result. ##### Test case 2: 1. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation 2. Click on "Try it" 3. In the pop-up, allow website to receive your location, and check the "Remember this decision" checkbox Expected result: The website displays your correct location Actual result: Same as expected result. ##### Test case 3: 1. Set preference parameter privacy.resistFingerprinting to true 2. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation 3. Click on "Try it" Expected result: No pop-up asking for location permission is displayed. Website is unable to print your location Actual result: Same as expected result.
You need to log in
before you can comment on or make changes to this bug.
Description
•