Open Bug 1922506 Opened 1 month ago Updated 12 hours ago

Move canvas renderings to an actor child from about:fingerprintingprotection

Categories

(Core :: Privacy: Anti-Tracking, task)

task

Tracking

()

ASSIGNED

People

(Reporter: fkilic, Assigned: fkilic)

Details

Attachments

(17 files, 1 obsolete file)

48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review
48 bytes, text/x-phabricator-request
Details | Review

Hidden browser isn't able get accelerated canvas, so we will move the collection to an actual window.

Assignee: nobody → fkilic
Status: NEW → ASSIGNED
Attachment #9428852 - Attachment description: Bug 1922506: Move canvas renderings to an actor child. r?tjr → Bug 1922506: Implement UserCharacteristicsCanvasRenderingChild to render canvases in an actor canvas. r?tjr

This can happen if the function that registered the window actor times out

Attachment #9431969 - Attachment description: WIP: Bug 1922506: Windows WebGL software rendering fixup → WIP: Bug 1922506: WGL software rendering fixup
Attachment #9431995 - Attachment description: WIP: Bug 1922506: EGL Fixup → WIP: Bug 1922506: EGL software rendering fixup
Attachment #9431969 - Attachment description: WIP: Bug 1922506: WGL software rendering fixup → Bug 1922506: WGL software rendering fixup. r?tjr
Attachment #9431995 - Attachment description: WIP: Bug 1922506: EGL software rendering fixup → Bug 1922506: EGL software rendering fixup. r?tjr
Attachment #9432110 - Attachment description: WIP: Bug 1922506: Request EGL if forbid hardware is true → Bug 1922506: Request EGL if forbid hardware is true. r?tjr
Attachment #9432111 - Attachment description: WIP: Bug 1922506: GLX software rendering fix up → Bug 1922506: GLX software rendering fix up. r?tjr
Attachment #9431932 - Attachment description: Bug 1922506: improve error handling. r?tjr → Bug 1922506: Improve error handling. r?tjr
Attachment #9432818 - Attachment description: WIP: Bug 1922506: Update base64 and size of canvas3 → Bug 1922506: Update base64 and size of canvas3. r?tjr

DATA REVIEW REQUEST

  1. What questions will you answer with this data?

How unique is user's webgl info.

More generally: What is the most productive use of engineering time to make fingerprinting an ineffective method of tracking users? As detailed in https://bugzilla.mozilla.org/show_bug.cgi?id=1879151

  1. Why does Mozilla need to answer these questions? Are there benefits for users?
    Do we need this information to address product or business requirements?

We want to improve our fingerprinting defenses. We don't want to guess at what will make an improvement, so we want to make a decision based on data. We also want to know how much of an improvement we have made, so we can state it and know how much further we have to go.

  1. What alternative methods did you consider to answer these questions?
    Why were they not sufficient?

We considered privacy preserving metric collection (DAP), collecting it indirectly (e.g. via hashes of the data), using exisiting (lmited) data we currently collect, not collecting the data at all and using academic literature. These options are detailed in https://docs.google.com/document/d/1m_j0BQEprQleRHZ7tVT7mG-krc8UA171GD5Vl6gZbL0/edit

  1. Can current instrumentation answer these questions?

As detailed in https://docs.google.com/document/d/1m_j0BQEprQleRHZ7tVT7mG-krc8UA171GD5Vl6gZbL0/edit - some attributes are collected by current instrumentation. However, using this data (and not using the other data we don't collect) will give an incomplete picture that may mislead us into choosing a task that does not make an appreciable change for users. We will also be unable to accurately state the improvement we have made.

  1. List all proposed measurements and indicate the category of data collection for each
    measurement, using the Firefox data collection categories found on the Mozilla wiki.
Measurement Name Measurement Description Data Collection Category Tracking Bug
characteristics.gl_version_software The version of OpenGL supported by the user's system. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_extensions_software The list of OpenGL extensions supported by the user's system. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_extensions_raw_software The raw list of OpenGL extensions supported by the user's system. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_renderer_software The OpenGL renderer string. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_renderer_raw_software The raw OpenGL renderer string. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_vendor_software The OpenGL vendor string. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_vendor_raw_software The raw OpenGL vendor string. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_version_raw_software The raw OpenGL version string. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_fragment_shader_software Hash of the transformed source of the fragment shader. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_vertex_shader_software Hash of the transformed source of the vertex shader. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_minimal_source_software Transformed source of the minimal shader. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_params_extensions_software The list of GL parameters of the extensions. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_params_v1_software The list of GL parameters of GL1. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_params_v2_software The list of GL parameters of GL2. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_precision_fragment_software Precisions of the fragment shader. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_precision_vertex_software Precisions of the vertex shader. technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
  1. Please provide a link to the documentation for this data collection which
    describes the ultimate data set in a public, complete, and accurate way.

This collection is Glean so is documented in the Glean Dictionary.

  1. How long will this data be collected?

This collection will be collected permanently.
tom@mozilla.com will be responsible for the permanent collections.

  1. What populations will you measure?

All channels, countries, and locales. No filters.

  1. If this data collection is default on, what is the opt-out mechanism for users?

These collections are Glean. The opt-out can be found in the product's preferences.

  1. Please provide a general description of how you will analyze this data.

The general question is "What engineering tasks should we do". To determine that, we will answer sub-questions like:

  • How many users are uniquely identifiable via fingerprinting?
  • For the users who are not, how large a cohort are they bucketed into?
  • What attributes contribute the most to making users unique, or placing them in small buckets
  • What attributes correlate with each other, such that we would need to address them in tandem
  1. Where do you intend to share the results of your analysis?

We hope to publish an academic paper, actually, as this is a significant contribution to the topic of browser fingerprinting. We can also expect to do a blog post. The decisions about what engineering tasks we choose to do to decrease the uniqueness of our users will be filed as Bugzilla Bugs that will contain descriptions of why this is the engineering task to do.

  1. Is there a third-party tool (i.e. not Glean or Telemetry) that you
    are proposing to use for this data collection?

No.

DATA REVIEW REQUEST

  1. What questions will you answer with this data?

How unique is user's webgl info.

More generally: What is the most productive use of engineering time to make fingerprinting an ineffective method of tracking users? As detailed in https://bugzilla.mozilla.org/show_bug.cgi?id=1879151

  1. Why does Mozilla need to answer these questions? Are there benefits for users?
    Do we need this information to address product or business requirements?

We want to improve our fingerprinting defenses. We don't want to guess at what will make an improvement, so we want to make a decision based on data. We also want to know how much of an improvement we have made, so we can state it and know how much further we have to go.

  1. What alternative methods did you consider to answer these questions?
    Why were they not sufficient?

We considered privacy preserving metric collection (DAP), collecting it indirectly (e.g. via hashes of the data), using exisiting (lmited) data we currently collect, not collecting the data at all and using academic literature. These options are detailed in https://docs.google.com/document/d/1m_j0BQEprQleRHZ7tVT7mG-krc8UA171GD5Vl6gZbL0/edit

  1. Can current instrumentation answer these questions?

As detailed in https://docs.google.com/document/d/1m_j0BQEprQleRHZ7tVT7mG-krc8UA171GD5Vl6gZbL0/edit - some attributes are collected by current instrumentation. However, using this data (and not using the other data we don't collect) will give an incomplete picture that may mislead us into choosing a task that does not make an appreciable change for users. We will also be unable to accurately state the improvement we have made.

  1. List all proposed measurements and indicate the category of data collection for each
    measurement, using the Firefox data collection categories found on the Mozilla wiki.
Measurement Name Measurement Description Data Collection Category Tracking Bug
characteristics.gl_context_type The type of the GL context (EGL, GLX, WGL, etc). technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
characteristics.gl_context_type_software The type of the GL context (EGL, GLX, WGL, etc). technical https://bugzilla.mozilla.org/show_bug.cgi?id=1922506
  1. Please provide a link to the documentation for this data collection which
    describes the ultimate data set in a public, complete, and accurate way.

This collection is Glean so is documented in the Glean Dictionary.

  1. How long will this data be collected?

This collection will be collected permanently.
tom@mozilla.com will be responsible for the permanent collections.

  1. What populations will you measure?

All channels, countries, and locales. No filters.

  1. If this data collection is default on, what is the opt-out mechanism for users?

These collections are Glean. The opt-out can be found in the product's preferences.

  1. Please provide a general description of how you will analyze this data.

The general question is "What engineering tasks should we do". To determine that, we will answer sub-questions like:

  • How many users are uniquely identifiable via fingerprinting?
  • For the users who are not, how large a cohort are they bucketed into?
  • What attributes contribute the most to making users unique, or placing them in small buckets
  • What attributes correlate with each other, such that we would need to address them in tandem
  1. Where do you intend to share the results of your analysis?

We hope to publish an academic paper, actually, as this is a significant contribution to the topic of browser fingerprinting. We can also expect to do a blog post. The decisions about what engineering tasks we choose to do to decrease the uniqueness of our users will be filed as Bugzilla Bugs that will contain descriptions of why this is the engineering task to do.

  1. Is there a third-party tool (i.e. not Glean or Telemetry) that you
    are proposing to use for this data collection?

No.

WSI_INFO is also very similar to this, but WSI_INFO contains a lot of info that we already collect, also there's a note about old Android devices crashing when queried, see https://searchfox.org/mozilla-central/rev/dca2603d55b5b39d3b8ab8e93c08b42563f5aad8/gfx/gl/GLContextProviderEGL.cpp#581-585

Attachment #9432818 - Attachment description: Bug 1922506: Update base64 and size of canvas3. r?tjr → Bug 1922506: Update base64 canvas3. r?tjr
Attachment #9435851 - Attachment is obsolete: true
Pushed by fkilic@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/54f6a55f077b Implement CanvasRenderingContext2D::GetDebugInfo. r=tjr,jgilbert,webidl,smaug https://hg.mozilla.org/integration/autoland/rev/71ad1af83798 Implement UserCharacteristicsCanvasRenderingChild to render canvases in an actor canvas. r=tjr https://hg.mozilla.org/integration/autoland/rev/26717f25380d Move rendering instructions to actor (just copy + paste). r=tjr https://hg.mozilla.org/integration/autoland/rev/72a97745d6de Change actor messages to queries and reattempt rendering if it fails. r=tjr https://hg.mozilla.org/integration/autoland/rev/58ca4b4ddd1a Improve error reporting. r=tjr https://hg.mozilla.org/integration/autoland/rev/7e1b5399826c Double deregister to ensure we don't leave any window actors. r=tjr https://hg.mozilla.org/integration/autoland/rev/355dd07c36a4 Improve error handling. r=tjr https://hg.mozilla.org/integration/autoland/rev/779cc3d4d972 Tree-shake gl-matrix. r=tjr https://hg.mozilla.org/integration/autoland/rev/0e37aed34cfd WGL software rendering fixup. r=jgilbert,tjr https://hg.mozilla.org/integration/autoland/rev/755664733050 EGL software rendering fixup. r=jgilbert https://hg.mozilla.org/integration/autoland/rev/e21674489b6c Request EGL if forbid hardware is true. r=jgilbert https://hg.mozilla.org/integration/autoland/rev/e2f3ebe49fcf GLX software rendering fix up. r=jgilbert https://hg.mozilla.org/integration/autoland/rev/bb3750f2dd54 Update base64 canvas3. r=tjr https://hg.mozilla.org/integration/autoland/rev/4cc4f3c552f5 Collect webgl software renderer info. r=tjr https://hg.mozilla.org/integration/autoland/rev/436ba666d8d0 Implement MOZ_debug.CONTEXT_TYPE extenstion. r=tjr,jgilbert,webidl,saschanaz https://hg.mozilla.org/integration/autoland/rev/6c65c91ac5eb Collect MOZ_debug.CONTEXT_TYPE. r=tjr

I'll take a look into it thank you!

Flags: needinfo?(fkilic)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: