Need a mechanism to limit gyroscope data leakage for fingerprinting
Categories: GeckoView :: General, enhancement, P3
Tracking: Not tracked
People: Reporter: colee, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [fingerprinting]
Our site permissions model does not currently seem to cover the gyroscope sensor. At least one user on Fenix 1.0 brought up the fact that the gyroscope can be used for browser fingerprinting. There should be some API mechanism for apps to control the gyro and similar onSensorChanged events.
There's a bunch of stuff exposed right now that can be used for fingerprinting. The mitigations for these are extensive. I'm not sure if it will make much sense to plug a single hole here. Ethan, maybe you or someone on your team has some guidance?
Comment 2•6 years ago
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #1)
There's a bunch of stuff exposed right now that can be used for fingerprinting. The mitigations for these are extensive. I'm not sure if it will make much sense to plug a single hole here. Ethan, maybe you or someone on your team has some guidance?
We have implemented a lot of anti-fingerprinting patches to mitigate browser fingerprinting. All of them are being tracked under the meta bug 1329996 and controlled by a single pref "privacy.resistFingerprinting", which is off by default on Firefox.
Enabling resistFingerprinting will cause breakages. Even though we have also fixed a bunch of breakages (meta bug 1507517), there're still many remaining ones that would hamper the user experience.
I am wondering if we can test resistFingerprinting on GeckoView by simply flipping the pref.
Comment 3•6 years ago
BTW, we have a wiki page which provides an overview of fingerprinting resistance features.
https://wiki.mozilla.org/Security/Fingerprinting
Comment 4•6 years ago
This bug refers to the default behavior of the browser and not the resist fingerprinting setting.
At present we haven't figured out a path forward for this, although it is on our radar...
Comment 6•6 years ago
P3 until we have a plan for addressing fingerprinting outside resistFingerprinting mode on mobile.
Comment 7•6 years ago
Which of the Sensor APIs are supported in Fenix? It would be good to spoof or disable these when the resistFingerprinting pref is enabled.
Comment 8•6 years ago
(In reply to Arthur Edelstein [:arthur] from comment #7)
Which of the Sensor APIs are supported in Fenix? It would be good to spoof or disable these when the resistFingerprinting pref is enabled.
AFAIK, GeckoView (and thus Fenix) supports all the same sensor APIs as desktop Firefox. I would expect the resistFingerprinting pref checks in core Gecko to work in GeckoView on Android.
Updated•2 years ago