Closed Bug 1372072 Opened 7 years ago Closed 7 years ago

Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true

Categories

(Core :: DOM: Core & HTML, enhancement, P1)

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting][tor][fp:m2])

Attachments

(2 files)

The network information API will reveal users' connection type; this is a fingerprinting vector. We should neutralize this fingerprinting issue when 'privacy.resistFingerprinting' is on.

I suggest that we make this report a fixed type, like 'ethernet', and block the ontypechange event when fingerprinting resistance is on.
After checking the code, I think type 'none' would be better here since this is the default type.

Baku, what do you think regarding the way that I proposed to neutralize the fingerprinting issue?

Arthur, any thoughts?
Flags: needinfo?(arthuredelstein)
Flags: needinfo?(amarchesini)
Priority: -- → P1
I prefer to use: 'unknown'. Note that this API is currently enabled only on Android.
Flags: needinfo?(amarchesini)
(In reply to Tim Huang[:timhuang] from comment #1)

> Arthur, any thoughts?

According to the W3C draft spec, "unknown" seems to be the best answer, as baku suggests:
https://wicg.github.io/netinfo/#dom-connectiontype-unknown

whereas "none" might result in the content script assuming it is offline and behaving accordingly:
https://wicg.github.io/netinfo/#dom-connectiontype-none
Flags: needinfo?(arthuredelstein)
Comment on attachment 8878397 [details]
Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/149738/#review155012

::: dom/network/Connection.h:14
(Diff revision 1)
>  
>  #include "mozilla/DOMEventTargetHelper.h"
>  #include "mozilla/dom/NetworkInformationBinding.h"
>  #include "nsCycleCollectionParticipant.h"
>  #include "nsINetworkProperties.h"
> +#include "Constants.h"
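
Review bot: the added `#include "Constants.h"` at the end of the include block is the only bare, generic file name in this list, so it is not obvious which Constants.h is meant. Move it into sorted position and, if the header is exported under a directory, include it by that path.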

alphabetic order.
Attachment #8878397 - Flags: review?(amarchesini) → review+
Comment on attachment 8878398 [details]
Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/149740/#review155014
Attachment #8878398 - Flags: review?(amarchesini) → review+
Comment on attachment 8878397 [details]
Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/149738/#review156478

::: dom/network/Connection.h:60
(Diff revision 1)
>                                 JS::Handle<JSObject*> aGivenProto) override;
>  
> -  ConnectionType Type() const { return mType; }
> +  ConnectionType Type() const
> +  {
> +    return nsContentUtils::ShouldResistFingerprinting() ?
> +             static_cast<ConnectionType>(kUnknownType) : mType;
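
Review bot: the new inline body of `Type()` calls `nsContentUtils::ShouldResistFingerprinting()` from the header, so every file that includes Connection.h must already see nsContentUtils.h; the include lines quoted from this header earlier in the review add only Constants.h. Either include nsContentUtils.h here or move the definition into the .cpp file, and add a one-line comment on the getter saying the fixed value is deliberate fingerprinting resistance so a later cleanup does not restore `mType`.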

You could just use `ConnectionType::Unknown` here, and then there is no need for kUnknownType.
Attachment #8878397 - Flags: review?(arthuredelstein) → review+
Comment on attachment 8878398 [details]
Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true.

https://reviewboard.mozilla.org/r/149740/#review156480
Attachment #8878398 - Flags: review?(arthuredelstein) → review+
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again.

hg error in cmd: hg rebase -s 818da99364d4 -d fdbe7c1be3a5: rebasing 404364:818da99364d4 "Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku"
rebasing 404365:3f7b3aa24dc3 "Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku" (tip)
merging browser/components/resistfingerprinting/test/browser/browser.ini
warning: conflicts while merging browser/components/resistfingerprinting/test/browser/browser.ini! (edit, then use 'hg resolve --mark')
unresolved conflicts (see hg resolve, then hg rebase --continue)
Rebased
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/41a89cb123e1
Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
https://hg.mozilla.org/integration/autoland/rev/fe711bd124f6
Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
Keywords: checkin-needed
Backout by cbook@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5fb1f74ac0f6
Backed out changeset fe711bd124f6 
https://hg.mozilla.org/integration/autoland/rev/aef84a0e8e70
Backed out changeset 41a89cb123e1 for causing perma failure in browser_windowRestore_perwindowpb.js
This shouldn't have been backed out...at least, not for this reason. Consider:

https://treeherder.mozilla.org/#/jobs?repo=autoland&bugfiler&noautoclassify&filter-searchStr=linux%20opt%20mochitests%20executed%20by%20taskcluster%20test-linux32%2Fopt-mochitest-browser-chrome%20tc-m(bc&fromchange=99dfc776b001dca817851839f42a21c6f55ca1a5

There was an existing near-perma failure, a crash in RunWatchdog following browser/components/sessionstore/test/browser_windowRestore_perwindowpb.js, which was happening in linux32-opt mochitest-bc3 previous to this push. In this push (comment 17), the addition of a new test case moved the browser/components/sessionstore tests to mochitest-bc7, where they continued to fail.
According to comment 20, request checkin-needed again. Thanks, Geoff.
Flags: needinfo?(tihuang)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/69970dbe2b5a
Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
https://hg.mozilla.org/integration/autoland/rev/12f8c79dabb4
Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/69970dbe2b5a
https://hg.mozilla.org/mozilla-central/rev/12f8c79dabb4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Verified on Mac OS 10.12.6 with Nightly 58.0a1 (2017-10-25) (64-bit)

Verification steps:
1. Turn parameter dom.netinfo.enabled to true
2. Go to https://www.audero.it/demo/network-information-api-demo.html
3. Turn parameter privacy.resistFingerprinting to true
4. Reload the above page

Expected result:
After step 2, your real connection type should be shown.
After step 4, your connection type should be shown as "unknown"

Actual results:
Same as expected results
Component: DOM → DOM: Core & HTML
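
The behaviour agreed in this bug and checked in the verification steps above, as a small JavaScript model. This is an added example, not Firefox code or part of the bug; `ModelConnection` and `auditNetInfo` are hypothetical names, and the `rfp` flag stands in for the 'privacy.resistFingerprinting' pref.

```javascript
// Added example: a model of the behaviour described in this bug, not Firefox code.
// ModelConnection and auditNetInfo are hypothetical names.

// Stand-in for the DOM Connection object; `rfp` plays the role of the
// privacy.resistFingerprinting pref.
class ModelConnection extends EventTarget {
  constructor(realType, rfp) {
    super();
    this._realType = realType;
    this._rfp = rfp;
  }
  // Part 1: report "unknown" instead of the real type when RFP is on.
  get type() {
    return this._rfp ? "unknown" : this._realType;
  }
  // Called when the platform reports a new connection type.
  platformChanged(newType) {
    this._realType = newType;
    // Part 1 also blocks the event: its timing alone would tell the page
    // that the user switched networks, even with a fixed type value.
    if (!this._rfp) this.dispatchEvent(new Event("typechange"));
  }
}

// Summarise what a page can learn from a navigator-like object.
function auditNetInfo(nav) {
  const conn = nav && nav.connection;
  if (!conn) return { exposed: false, type: null, verdict: "api-not-exposed" };
  let events = 0;
  conn.addEventListener("typechange", () => { events += 1; });
  const type = conn.type;
  return {
    exposed: true,
    type,
    // "none" is why the reviewers rejected it as the spoofed value.
    verdict: type === "unknown" ? "spoofed-or-unknown"
           : type === "none" ? "page-may-assume-offline"
           : "reveals-connection-type",
    eventsSeen: () => events,
  };
}
```

In a browser console, `auditNetInfo(navigator)` gives the same readout the demo page shows after steps 2 and 4.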