Closed Bug 1372072 Opened 7 years ago Closed 7 years ago

Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true

Categories

(Core :: DOM: Core & HTML, enhancement, P1)

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting][tor][fp:m2])

Attachments

(2 files)

The network information API will reveal users' connection type; this is a fingerprinting vector. We should neutralize this fingerprinting issue when 'privacy.resistFingerprinting' is on. I suggest that we make this report a fixed type, like 'ethernet', and block the ontypechange event when fingerprinting resistance is on.
After checking the code, I think type 'none' would be better here since this is the default type. Baku, what do you think regarding the way that I proposed to neutralize the fingerprinting issue? Arthur, any thoughts?
Flags: needinfo?(arthuredelstein)
Flags: needinfo?(amarchesini)
Priority: -- → P1
I prefer to use: 'unknown'. Note that this API is currently enabled only on Android.
Flags: needinfo?(amarchesini)
(In reply to Tim Huang[:timhuang] from comment #1)
> Arthur, any thoughts?

According to the W3C draft spec, "unknown" seems to be the best answer, as baku suggests: https://wicg.github.io/netinfo/#dom-connectiontype-unknown whereas "none" might result in the content script assuming it is offline and behaving accordingly: https://wicg.github.io/netinfo/#dom-connectiontype-none
Flags: needinfo?(arthuredelstein)
Comment on attachment 8878397 [details] Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/149738/#review155012 ::: dom/network/Connection.h:14 (Diff revision 1) > > #include "mozilla/DOMEventTargetHelper.h" > #include "mozilla/dom/NetworkInformationBinding.h" > #include "nsCycleCollectionParticipant.h" > #include "nsINetworkProperties.h" > +#include "Constants.h" alphabetic order.
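Review bot: The added `#include "Constants.h"` lands in Connection.h itself, so every file that includes this header now also pulls in Constants.h. If the constant is needed by a single accessor only, consider defining that accessor in the .cpp file and including Constants.h there; if the include stays in the header, put it in sorted position within the block rather than at the end.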
Attachment #8878397 - Flags: review?(amarchesini) → review+
Comment on attachment 8878398 [details] Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/149740/#review155014
Attachment #8878398 - Flags: review?(amarchesini) → review+
Comment on attachment 8878397 [details] Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/149738/#review156478 ::: dom/network/Connection.h:60 (Diff revision 1) > JS::Handle<JSObject*> aGivenProto) override; > > - ConnectionType Type() const { return mType; } > + ConnectionType Type() const > + { > + return nsContentUtils::ShouldResistFingerprinting() ? > + static_cast<ConnectionType>(kUnknownType) : mType; You could just use `ConnectionType::Unknown` here, and then there is no need for kUnknownType.
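Review bot: In the new `Type()` body, only the getter is gated on `nsContentUtils::ShouldResistFingerprinting()`, while `mType` still holds the real connection type, so any path that reads `mType` directly would bypass the spoof. A short comment on `Type()` stating that content-facing code must go through it, and that `mType` is the unspoofed value, would make that contract explicit. The `static_cast<ConnectionType>(kUnknownType)` also depends on the constant's numeric value matching the enum; naming the enum value directly removes that coupling.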
Attachment #8878397 - Flags: review?(arthuredelstein) → review+
Comment on attachment 8878398 [details] Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. https://reviewboard.mozilla.org/r/149740/#review156480
Attachment #8878398 - Flags: review?(arthuredelstein) → review+
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again.

hg error in cmd: hg rebase -s 818da99364d4 -d fdbe7c1be3a5:
rebasing 404364:818da99364d4 "Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku"
rebasing 404365:3f7b3aa24dc3 "Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku" (tip)
merging browser/components/resistfingerprinting/test/browser/browser.ini
warning: conflicts while merging browser/components/resistfingerprinting/test/browser/browser.ini! (edit, then use 'hg resolve --mark')
unresolved conflicts (see hg resolve, then hg rebase --continue)
Rebased
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/41a89cb123e1
Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
https://hg.mozilla.org/integration/autoland/rev/fe711bd124f6
Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
Keywords: checkin-needed
Backout by cbook@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5fb1f74ac0f6
Backed out changeset fe711bd124f6
https://hg.mozilla.org/integration/autoland/rev/aef84a0e8e70
Backed out changeset 41a89cb123e1 for causing perma failure in browser_windowRestore_perwindowpb.js
This shouldn't have been backed out...at least, not for this reason. Consider: https://treeherder.mozilla.org/#/jobs?repo=autoland&bugfiler&noautoclassify&filter-searchStr=linux%20opt%20mochitests%20executed%20by%20taskcluster%20test-linux32%2Fopt-mochitest-browser-chrome%20tc-m(bc&fromchange=99dfc776b001dca817851839f42a21c6f55ca1a5 There was an existing near-perma failure, a crash in RunWatchdog following browser/components/sessionstore/test/browser_windowRestore_perwindowpb.js, which was happening in linux32-opt mochitest-bc3 previous to this push. In this push (comment 17), the addition of a new test case moved the browser/components/sessionstore tests to mochitest-bc7, where they continued to fail.
According to comment 20, request checkin-needed again. Thanks, Geoff.
Flags: needinfo?(tihuang)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/69970dbe2b5a
Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
https://hg.mozilla.org/integration/autoland/rev/12f8c79dabb4
Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Verified on Mac OS 10.12.6 with Nightly 58.0a1 (2017-10-25) (64-bit)

Verification steps:
1. Turn parameter dom.netinfo.enabled to true
2. Go to https://www.audero.it/demo/network-information-api-demo.html
3. Turn parameter privacy.resistFingerprinting to true
4. Reload the above page

Expected result: After step 2, your real connection type should be shown. After step 4, your connection type should be shown as "unknown"

Actual results: Same as expected results
Component: DOM → DOM: Core & HTML
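
The verification steps above can also be run as a script. This is an added example, not code from the bug's patches or from Firefox. The names `auditNetInfo`, `watchTypeChanges` and `MockConnection` are introduced here, and the mock is a constructed model of the behaviour the bug title describes.

```javascript
// Added example, not Firefox code. Pass the page's `navigator` when run in a
// browser console; MockConnection below is a constructed stand-in for offline runs.

// Report what navigator.connection.type exposes to content script.
function auditNetInfo(nav) {
  const conn = nav && nav.connection;
  if (!conn) return { exposed: false, type: null, leaksType: false };
  const type = conn.type;
  // "unknown" is the value the bug settles on for the spoofed case. A real
  // connection can also report "unknown", so false here means "nothing learned".
  const leaksType = typeof type === "string" && type !== "unknown";
  return { exposed: true, type, leaksType };
}

// Log every typechange event; returns a function that stops watching.
function watchTypeChanges(conn, log) {
  const handler = () => log.push(conn.type);
  conn.addEventListener("typechange", handler);
  return () => conn.removeEventListener("typechange", handler);
}

// Constructed model of the behaviour in the bug title: with resistance on,
// type reads "unknown" and no typechange event reaches listeners.
class MockConnection extends EventTarget {
  constructor(realType, resistFingerprinting) {
    super();
    this.realType = realType;
    this.resistFingerprinting = resistFingerprinting;
  }
  get type() {
    return this.resistFingerprinting ? "unknown" : this.realType;
  }
  setRealType(next) {
    this.realType = next;
    if (!this.resistFingerprinting) this.dispatchEvent(new Event("typechange"));
  }
}

// Run the audit with resistance off and on while the real type changes.
function demo() {
  const results = {};
  for (const rfp of [false, true]) {
    const conn = new MockConnection("wifi", rfp);
    const events = [];
    const stop = watchTypeChanges(conn, events);
    conn.setRealType("cellular");
    stop();
    results[rfp ? "rfpOn" : "rfpOff"] = { ...auditNetInfo({ connection: conn }), events };
  }
  return results;
}
console.log(JSON.stringify(demo()));
```

In a browser, `auditNetInfo(navigator)` and `watchTypeChanges(navigator.connection, [])` work against the real object once `dom.netinfo.enabled` is set as in step 1.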