Route/highway symbols display incorrectly on google maps, with fingerprinting protection's canvas randomization (e.g. in private browsing windows, or with ETP set to STRICT)
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox123 | --- | wontfix |
People
(Reporter: rbucata, Unassigned)
References
(Blocks 2 open bugs, )
Details
(Keywords: priv-triaged)
Attachments
(3 files)
Environment:
Operating System: Windows 10 PRO x64
Firefox version: Firefox Nightly 125.0a1 (2024-02-28)
Preconditions:
ETP set to STRICT
Clean profile
Steps to reproduce:
- Navigate to : https://www.google.com/maps/@47.3273521,-116.8565889,9z?hl=en&entry=ttu
- Observe the symbols.
Expected Behavior:
The road-type symbols are rendered correctly
Actual Behavior:
The road-type symbols are rendered broken
Notes:
- Not reproducible with ETP STANDARD/ turned OFF
- Not reproducible with ETP OFF in Private mode (7/10 times)
- Works as expected using Chrome
- Seems more affected in Private Mode
- Screenshot attached
Reporter | ||
Comment 1•3 months ago
|
||
Comment 2•3 months ago
|
||
This is caused by canvas randomization.
Comment 3•1 month ago
•
|
||
I hit this today and nearly filed a bug about it, but found this existing bug.
This is reproducible by-default in Private Browsing windows, in current Firefox release and Nightly. (That's because fingerprinting protection is on by default for private browsing mode for release users as of bug 1849903, and fingerprinting protection turns on canvas randomization for release users as of bug 1858181.
The corruption looks different every time (my attached screenshot shows two different versions of the corruption from two different pageloads), but it's pretty much always corrupted and potentially unreadable -- e.g. in the top half of my screenshot, the gray "halos" around the white-oval highways are covering up the first digit. (73
is really 173
, 22
is really 122
, 11
is really 611
).
Comment 4•1 month ago
|
||
For folks hitting this bug and looking for a workaround, you can turn off the canvas randomization part of fingerprinting protection by creating a new about:config pref called privacy.fingerprintingProtection.overrides
with value -CanvasRandomization
. Specifically:
- Visit about:config
- Type or paste
privacy.fingerprintingProtection.overrides
into the search bar at the top of the page. - Click the pencil icon (at the right side of the empty search results) to create a pref with that name.
- Paste
-CanvasRandomization
into the textfield that appears.
Updated•1 month ago
|
Comment 5•1 month ago
|
||
[updating status for 123 from 'affected' to 'wontfix', since 123 has been obsoleted by the 124 release.]
timhuang: perhaps you (or someone you can suggest) could take a look at mitigating this and/or bump the severity? Depending on how the canvas-randomization arbitrarily shakes out for a given pageload, this bug makes Google Maps look pretty broken in Private Browsing windows, since it can cause road markers to be unreadable[1] and/or incorrect[2].
[1] bottom half of comment 3 screenshot shows an unreadable example -- the blue-shield "78" is missing the blue background
[2] top half of comment 3 screenshot shows an incorrect-label example -- the white labels with gray halos all have their first digit covered up, so the visible portion of the highway name is actually incorrect/incomplete.
Comment 6•1 month ago
|
||
In this case, the affected icons don't seem to be used for canvas fingerprinting. So, I think we can consider disabling canvas randomization for Google Maps if the canvas extraction is not used for canvas fingerprinting.
Tom, what do you think?
Comment 7•1 month ago
|
||
I started a thread in Slack on this, because I think it's concerning from a policy perspective. However, this is a bad usability regression and that's why we have the webcompat overrides, so yes I think this could be our first use of that.
Description
•