1372069 - Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true

Status: RESOLVED FIXED

(Core :: DOM: Geolocation, enhancement, P1)

Description

[Tim Huang[:timhuang]]

The geolocation API can show the location of a given user, which is a fingerprinting vector. So, we want to find a way to nerturalize the possibility of fingerprinting when 'privacy.resistFingerprinting' is on.

Although, it requires the permission from the user to access this API. But, if users have granted this permission before 'privacy.resistFingerprinting' is on, then the website can still access this API without informing the user. Or a user may grant this incautiously. Both cases are what we don't want to see when 'privacy.resistFingerprinting' is on. 

Ehsan has suggested that we can use a similar way of Bug 1072859 that throwing an exception when the API entry points are called.

Comment 1

[Tim Huang[:timhuang]]

Attachment: Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true.

This patch disables Geolocation API when fingerprinting resistance is enabled.
The way we disable it is the same as how we disable this API for non-secure
origins that we will reject the request from this API and still keep this API
around.

Review commit: https://reviewboard.mozilla.org/r/156888/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/156888/

Comment 2

[Tim Huang[:timhuang]]

Attachment: Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true.

This patch adds a test case to check whether geolocation API is disabled when
fingerprinting resistance is enabled. The test will check that the successCallback
of geolocation API is not called, but the errorCallback is called with a
PERMISSION_DENIED error when 'privacy.resistFingerprinting' is true.

Review commit: https://reviewboard.mozilla.org/r/156890/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/156890/

Comment 3

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 8886081 [details]
Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/156888/#review162004

Comment 4

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 8886082 [details]
Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/156890/#review162006

Comment 5

[Tim Huang[:timhuang]]

Comment on attachment 8886082 [details]
Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/156890/diff/1-2/

Comment 6

[Arthur Edelstein [:arthur]]

Comment on attachment 8886081 [details]
Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/156888/#review162330

Comment 7

[Arthur Edelstein [:arthur]]

Comment on attachment 8886082 [details]
Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/156890/#review162332

Comment 8

[Tim Huang[:timhuang]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=93c5486316b7

Comment 9

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/a450b50c2222
Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug
https://hg.mozilla.org/integration/autoland/rev/5cc6976b59ce
Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug

Comment 10

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/a450b50c2222
https://hg.mozilla.org/mozilla-central/rev/5cc6976b59ce

Comment 11

[Tom Grabowski [:TomGrab]]

Verified on Mac OS 10.12.6 with Nightly 58.0a1 (2017-10-25) (64-bit)

Verification steps:
##### Test case 1:
1. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation
2. Click on "Try it"
3. In the pop-up, allow website to receive your location

Expected result:
The website displays your correct location

Actual result:
Same as expected result.


##### Test case 2:
1. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation
2. Click on "Try it"
3. In the pop-up, allow website to receive your location, and check the "Remember this decision" checkbox

Expected result:
The website displays your correct location

Actual result:
Same as expected result.



##### Test case 3:
1. Set preference parameter privacy.resistFingerprinting to true
2. Go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation
3. Click on "Try it"

Expected result:
No pop-up asking for location permission is displayed. Website is unable to print your location

Actual result:
Same as expected result.