Closed
Bug 1492766
Opened 6 years ago
Closed 6 years ago
Fingerprinting protection for pointerEvent.pointerid
Categories
(Core :: DOM: Events, enhancement, P2)
RESOLVED
FIXED
mozilla65
Tracking | Status | |
---|---|---|
firefox65 | --- | fixed |
People
(Reporter: timhuang, Assigned: timhuang)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fingerprinting][fp-triaged])
Attachments
(3 files)
According to the spec[1], the pointerid is not related to the pointer type. However, in practice, the pointerid could reveal the real pointer type. We should also spoof the pointerid when fingerprinting resistance is on.

[1] https://www.w3.org/TR/pointerevents/#dom-pointerevent-pointerid
Assignee
Updated•6 years ago
Assignee: nobody → tihuang
Assignee
Comment 1•6 years ago
This patch spoofs the pointer id as the mouse pointer id when resistfingerprinting is enabled. We will only spoof for content, not for chrome. Since we don't know the pointer id beforehand, we have to cache the pointer id of the mouse interface when it is activated and use that pointer for the purpose of fingerprinting resistance.
Assignee
Comment 2•6 years ago
When fingerprinting resistance is enabled, content should only view the pointer capture events from the spoofed interface. In order to do so, first, we need to restrict content to set or release pointer capture only for the spoofed pointer id. Second, we have to map other interfaces into the spoofed one for pointer capture events.

Depends on D9531
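The behaviour described in comments 1 and 2, as an added JavaScript model that is not part of this bug or of Gecko's code. All class and method names, the fallback id of 0 used before any mouse activation, and the sample pointer ids are assumptions.

```javascript
// Simplified model of the behaviour described in comments 1 and 2.
// Not Gecko code: every class, method and field name here is hypothetical.
class PointerIdSpoofer {
  constructor(resistFingerprinting) {
    this.rfp = resistFingerprinting;
    this.mouseId = null; // unknown until the mouse interface is activated
  }

  // Cache the mouse interface's pointer id the first time it is seen.
  onPointerActivated(realId, pointerType) {
    if (pointerType === "mouse" && this.mouseId === null) this.mouseId = realId;
  }

  // Assumption: before any mouse activation the model uses a constructed
  // fallback id of 0; the bug does not say what Gecko does in that case.
  spoofedId() {
    return this.mouseId === null ? 0 : this.mouseId;
  }

  // Chrome callers see the real id; content sees only the spoofed one.
  visibleId(realId, isChrome) {
    return this.rfp && !isChrome ? this.spoofedId() : realId;
  }

  // Content may set or release capture only for the spoofed pointer id.
  mayChangeCapture(requestedId, isChrome) {
    if (!this.rfp || isChrome) return true;
    return requestedId === this.spoofedId();
  }

  // Capture events from any interface are reported under the visible id.
  captureEvent(type, realId, isChrome) {
    return { type, pointerId: this.visibleId(realId, isChrome) };
  }
}

// Constructed sample input: real ids as three interfaces might report them.
const SAMPLE = [
  { realId: 1, pointerType: "mouse" },
  { realId: 7, pointerType: "touch" },
  { realId: 12, pointerType: "pen" },
];

// Returns the distinct pointer ids content would observe for these pointers.
function idsSeenByContent(spoofer, pointers) {
  pointers.forEach((p) => spoofer.onPointerActivated(p.realId, p.pointerType));
  return [...new Set(pointers.map((p) => spoofer.visibleId(p.realId, false)))];
}
```

With the flag off, content observes three distinct ids for the sample pointers; with it on, content observes only the cached mouse id.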
Assignee
Comment 3•6 years ago
This test adds a check for the pointer id to make sure it always replies with the spoofed pointer id when resistfingerprinting is enabled. It also extends the original test of pointer capture events into a test which tests mouse and touch interfaces to make sure pointer capture events are correctly fired even with the spoofed interface id. In addition, it also adds a test that set/releasePointerCapture only accepts the spoofed pointer id when fingerprinting resistance is enabled.

Depends on D9532
Comment 4•6 years ago
Sorry for the delay to review. I'll try to review them next week.
Updated•6 years ago
Whiteboard: [fingerprinting] → [fingerprinting][fp-triaged]
Assignee
Comment 5•6 years ago
Try looks good. https://treeherder.mozilla.org/#/jobs?repo=try&revision=82e59e5a06717e4b36903ad590c9e45606c13513
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a575162d9f5b
Part 1: Spoofing the pointer id of pointer events when resistfingerprinting is enabled r=masayuki,smaug,arthuredelstein
https://hg.mozilla.org/integration/autoland/rev/76017cad8320
Part 2: Makes the set/releasePointerCapture working properly when fingerprinting resistance is enabled r=masayuki,arthuredelstein,smaug
https://hg.mozilla.org/integration/autoland/rev/d48ee9ed6819
Part 3: Update the test_pointer_event.html for test of pointer id spoofing r=masayuki,arthuredelstein
Comment 7•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/a575162d9f5b
https://hg.mozilla.org/mozilla-central/rev/76017cad8320
https://hg.mozilla.org/mozilla-central/rev/d48ee9ed6819
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox65: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Comment 8•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/a575162d9f5b
https://hg.mozilla.org/mozilla-central/rev/76017cad8320
https://hg.mozilla.org/mozilla-central/rev/d48ee9ed6819