Open
Bug 1422890
Opened 7 years ago
Updated 1 year ago
Add additional Canvas Fingerprinting Tests
Categories
(Core :: Graphics: Canvas2D, enhancement, P3)
Core
Graphics: Canvas2D
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox59 | --- | affected |
People
(Reporter: tjr, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fingerprinting][gfx-noted][fp-triaged])
I believe there are four APIs we trigger the permission prompt for: - canvas.toDataURL - canvas.toBlob - canvas.mozGetAsFile - canvas.isPointInPath We should have a test case for each of them.
|
||
Updated•7 years ago
|
Whiteboard: [fingerprinting] → [fingerprinting][gfx-noted]
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 1•7 years ago
|
||
may be relevant ... getImageData, readPixels - see https://github.com/kkapsner/CanvasBlocker/issues/158#issuecomment-350355730
|
Reporter | |
Comment 2•7 years ago
|
||
We do prompt for getImageData; we should make sure it has a test. readPixels seems like it's a WebGL thing. I wonder if Tor Browser hasn't addressed it, and if not, if it's because they make WebGL click to play (in all circumstances). That would mean it would be important for us to address: TB doesn't need us to do it by next ESR; but it is a hole in FF's RP pref. If so we should open a new bug about it specifically.
Flags: needinfo?(arthuredelstein)
|
||
Comment 3•7 years ago
|
||
(In reply to Tom Ritter [:tjr] (OOTO until 1/4) from comment #0) > I believe there are four APIs we trigger the permission prompt for: > > - canvas.toDataURL > - canvas.toBlob > - canvas.mozGetAsFile > - canvas.isPointInPath > > We should have a test case for each of them. Two more are: - canvas.isPointInStroke (blocked RFP) - canvas.measureText (not blocked by RFP, but perhaps should be; see https://trac.torproject.org/projects/tor/ticket/13400) (In reply to Tom Ritter [:tjr] (OOTO until 1/4) from comment #2) > readPixels seems like it's a WebGL thing. I wonder if Tor Browser hasn't > addressed it, and if not, if it's because they make WebGL click to play (in > all circumstances). That would mean it would be important for us to > address: TB doesn't need us to do it by next ESR; but it is a hole in FF's > RP pref. If so we should open a new bug about it specifically. Yes, readPixels has not been addressed by Tor Browser. (Indeed I would prefer if we did address it in any case, even though WebGL is disabled via NoScript except where the user enables it per-site.) https://arthuredelstein.net/webgl/read-pixels-test.html
Flags: needinfo?(arthuredelstein)
|
|
||
Comment 4•7 years ago
|
||
(In reply to Arthur Edelstein (Tor Browser dev) [:arthuredelstein] from comment #3) > (In reply to Tom Ritter [:tjr] (OOTO until 1/4) from comment #0) One more API I forgot that needs a test is: CanvasRenderingContext2D.getImageData()
|
|
||
Comment 5•6 years ago
|
||
see https://github.com/ghacksuserjs/ghacks-user.js/issues/429 While that issue with the extension CanvasBlocker is reolved (kaspner coded around it), it brings up an interesting point, that IsPointinPath (and IsPointinStroke) are not *protected* by RFP like toDataURL (and maybe the others) are. This was in FF60 I hope that makes sense. In other words, when RFP canvas is spoofed, it ideally would be immunized from further spoofing by extensions. I do not know how this fits in with Bug 1412961 (FF61+) and Bug 1453916 (FF62+). i.e if an extension requests the canvas, do nothing. If web content requests the canvas, RFP kicks in and locks out extensions modifying it. Excuse my lack of terminology re origins and principals
|
|
||
Comment 6•6 years ago
|
||
comment 0 (blocked by RFP) > canvas.toDataURL > canvas.toBlob > canvas.mozGetAsFile > canvas.isPointInPath comment1 > getImageData (blocked RFP as per comment 2) > readPixels (? WebGL thing? open a new ticket) comment3 > isPointInStroke (blocked RFP) > measureText (not blocked by RFP) not mentioned, Canvas API allows - getContext - fillTest That makes 10 items
Regarding isPointInPath being not protected: they are in the same way the others are. It was a coding difference in CanvasBlocker that caused the different behaviour.
|
|
Reporter | |
Updated•6 years ago
|
Blocks: uplift_tor_fingerprinting
Whiteboard: [fingerprinting][gfx-noted] → [fingerprinting][gfx-noted][fp-triaged]
|
|
||
Comment 8•6 years ago
|
||
(In reply to Tom Ritter [:tjr] from comment #0)
I believe there are four APIs we trigger the permission prompt for:
- canvas.toDataURL
- canvas.toBlob
- canvas.mozGetAsFile
- canvas.isPointInPath
We should have a test case for each of them.
here are tests for all of them: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#canvas
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•