User Agent: Mozilla/5.0 (Windows NT 6.3; rv:46.0) Gecko/20100101 Firefox/46.0 Build ID: 20151218030232 Steps to reproduce: speechSynthesis.getVoices() Actual results: It exposes info about TTS engines installed in the system Expected results: This can be used for fingerprinting. I suggest to redesign the API 1 speechSynthesis.getVoices() must be allowed only to addons with enough priveleges 2 Add speechSynthesis.getVoiceSelectorWidget() which should return a DOM node allowing the user to select speech engine but disallowing the webpage to see its internals. 3 events timing must be obfuscated by adding a random value from some range to them.
4 There should be a generalized TTS engine which will select and use another engines based on SSML tags.
Could you file this also as a spec bug? https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Speech%20API
(In reply to Olli Pettay [:smaug] from comment #2) Done.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Whiteboard: [fingerprinting] → [fingerprinting][fp-triaged]
3 months ago
Whiteboard: [fingerprinting][fp-triaged] → [fingerprinting][fp-triaged][tor 10283]
See Also: → bug 1485280
Summary: WebSpeech API mustn't allow fingerprinting → WebSpeech Synthesis API mustn't allow fingerprinting
Whiteboard: [fingerprinting][fp-triaged][tor 10283] → [fingerprinting][tor 10283]
You need to log in before you can comment on or make changes to this bug.