Open Bug 2036879 Opened 15 days ago Updated 8 days ago

Address Graphics-Heavy Website Vendor/Renderer detection

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
enhancement

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

Google Maps reads the WebGL Unmasked Renderer and uses it to change behavior. Obviously this has implications for changing this value with fingerprinting protections.

AI reverse engineered a short browsing session and determined:

  • WEBGL_debug_renderer_info is read once and used to decide whether the GPU is good enough to use the WebGL pipeline
  • maps will:
    • Refuse WebGL on a hard-coded 15-entry GPU deny-list (software rasterizers + ancient Intel chipsets + Adreno 680).
    • Refuse WebGL on Intel Q45 under IE/Firefox
    • Refuse WebGL on AMD GPUs under Chrome on macOS unless the backend is ANGLE-Metal (Apple Silicon).
    • Detect the Apple-Silicon ANGLE-Metal backend via the substring "ANGLE Metal" so that subsequent code can branch
  • They'll send some telemetry based on what they see, what they did, errors they encoutered, etc
  • They have a normalization function that takes the raw string and converts it:
raw _.KR Xkh()_.Apc
"ANGLE (Intel, Intel(R) G45 Express Chipset Direct3D11 vs_5_0 ps_5_0)" "Intel G45"
"AMD Radeon R9 200 Series" "AMD Radeon R9" (captured value)
"NVIDIA GeForce GTX 1080/PCIe/SSE2" "nVidia geForce GTX 1080"
"Mesa DRI Intel(R) HD Graphics 5500" "Intel HD 5500"
"Google SwiftShader" "swiftshader"
(anything unrecognized) first 100 chars of lowercased raw
  • Deny list:
Ykh = "swiftshader;software adapter;llvmpipe;microsoft basic render driver;
       vmware svga 3d;Intel 965GM;Intel B43;Intel G41;Intel G45;Intel G965;
       Intel GMA 3600;Intel Mobile 4;Intel Mobile 45;Intel Mobile 965;
       Qualcomm Adreno 680".split(";");

To avoid Google Maps giving us an issue, while respecting their choices we could exempt google.com from the specific protection, or we could change our spoofing to replicate their logic and return either "Mozilla" or "Mozilla Foo" where Foo could be "Swiftshader", or "llvmpipe" as two pretty generic choices. I'm going to investigate a little bit more.

Depends on: 2036881
No longer depends on: 2036881

I tested a few other websites and found two other instances of WebGL Renderer changing the site behavior. One 3d modeling website would detect only a specific GPU (Mali-G72) that was known to be buggy. Another maps website had a more complex calculation involving CPU core count and DPR to classify users into a low, mid, and high tier that would adjust what type of tiles they would receive.

Summary: Address Google Maps Vendor/Renderer detection → Address Graphics-Heavy Website Vendor/Renderer detection
You need to log in before you can comment on or make changes to this bug.