Open Bug 1848022 Opened 2 years ago Updated 2 years ago

[css-values] Use a different library for calc() functions to avoid fingerprinting

Categories

(Core :: CSS Parsing and Computation, defect)


People

(Reporter: tlouw, Unassigned)

Details

One method of fingerprinting a browser, to detect the CPU, OS or other identifying pieces of data, is through math functions. The result of a sin() or cos() function with fixed values can yield specific results on different platforms, thus identifying it.

For our calc() functions, the suggestion is to use the fdlibm library that is already in use by SpiderMonkey.

Also see https://github.com/fingerprintjs/fingerprintjs/blob/7096a5589af495f1f46067963e13ad27d887d185/src/sources/math.ts#L36 for examples of how fingerprinting can be done using these functions.
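
An added example, not part of the bug report or of Firefox's code: platform-dependent math results show up as differing bit patterns in a double, so one way to check that two builds sharing a single math library no longer diverge is to compare their results bit for bit. The probe names, build names and sample values below are constructed for illustration.

```javascript
// Added example. Probe names and sample values are constructed for illustration.

// Raw IEEE-754 bit pattern of a double, as a BigInt.
function bits(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  return view.getBigUint64(0);
}

// Next representable double above a positive finite x (used to build sample data).
function nextUp(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setBigUint64(0, bits(x) + 1n);
  return view.getFloat64(0);
}

// Map a double onto a monotonic integer line so subtraction gives ULPs.
function ordered(x) {
  const b = bits(x);
  return b >> 63n ? -(b & 0x7fffffffffffffffn) : b;
}

// Distance in units in the last place; null when either value is NaN.
function ulpDistance(a, b) {
  if (Number.isNaN(a) || Number.isNaN(b)) return null;
  const d = ordered(a) - ordered(b);
  return d < 0n ? -d : d;
}

// Probes present in both result sets whose bit patterns differ.
function divergentProbes(envA, envB) {
  return Object.keys(envA)
    .filter((name) => name in envB && bits(envA[name]) !== bits(envB[name]))
    .map((name) => ({ name, ulps: ulpDistance(envA[name], envB[name]) }));
}

// Constructed results from two hypothetical builds: only "tan(1)" differs, by one ULP.
const buildA = { "sin(1)": 0.8414709848078965, "cos(1)": 0.5403023058681398, "tan(1)": 1.5574077246549023 };
const buildB = { ...buildA, "tan(1)": nextUp(buildA["tan(1)"]) };

console.log(divergentProbes(buildA, buildB));
```

An empty result across every supported platform is the property a shared library is meant to provide; the bit comparison also flags a `0` versus `-0` difference, which the ULP distance alone reports as zero.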

The severity field is not set for this bug.
:boris, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(boris.chiou)
Severity: -- → S3
Flags: needinfo?(boris.chiou)