Open Bug 1507879 Opened 5 years ago Updated 1 year ago
Client Rects for fingerprinting
getClientRects and related APIs (at least Element.getBoundingClientRect and Element.clientWidth, Element.clientHeight but probably others) allow one to get precise measurements of how DOM nodes are rendered. This has fingerprinting implications. At the very least, fonts are a vector. (Tor fortunetly mitigates this.) There's rounding the content window at startup which is relevant too. But I'm wondering if there are other vectors. Like GPU rendering of a page perhaps? I compared TB8 and TB8.5 and got the same results on https://browserleaks.com/rects thankfully An early idea was to round or floor or ceil the results returned; however I don't think this is a good approach, as an attacker could just slowly increase size until the value increments, and learn the real value from that. CanvasBlocker randomizes the values (but doesn't change those three values that are only 2 decimal places) - looks like it fuzzes by +/- 0.100 (we could easily check the code on github) original ticket: https://github.com/kkapsner/CanvasBlocker/issues/236 other tickets / teething issues etc (as a heads up) https://github.com/kkapsner/CanvasBlocker/issues/275 (fixed) https://github.com/kkapsner/CanvasBlocker/issues/270 (breaks startpage, fixed) See Also: http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html P3 for now, but probably a P2.
FYI: a cleaner test page: https://canvasblocker.kkapsner.de/test/domRectTest.html
For some reasons LaTeX to pdf build is currently broken, so either build on a local machine, or read the source, or take the pdf from the latest successful build from gitlab mirror.
Whiteboard: [tor 18500][fingerprinting][fp-triaged] → [tor 29564][fingerprinting][fp-triaged]
You need to log in before you can comment on or make changes to this bug.