Open
Bug 755284
Opened 12 years ago
Updated 1 year ago
Fingerprintable information in update behavior
Categories
(Toolkit :: Application Update, defect, P3)
Toolkit
Application Update
Tracking
()
UNCONFIRMED
People
(Reporter: c142592, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: privacy, Whiteboard: [fingerprinting][fp-triaged][tor 6217])
If update checks are enabled, Firefox seems to perform them at exactly the interval specified in the app.update.interval preference. (Tested with a 120-second interval and leaving the browser running.) This leads to a minor potential way of fingerprinting users on anonymizing networks like Tor because output relays can observe an update check occurring at a precise second corresponding to a particular user. I realize this is a minor issue and difficult to exploit, but the solution is also appropriately minor. I assume it will be enough to simply randomize the scheduled time of next update (or the time stored in the lastUpdateTime settings, whichever) by up to 5% of the update interval. This fix will still preserve the user-set meaning of the app.update.interval setting, on average.
Comment 1•12 years ago
|
||
Interesting find. Yeah, throwing some randomness into the update interval seems like it should be simple and effective. Although I'm curious how effective tracking would be as-is... The browser itself will have some slop (ms?) in the timer firing, and I assume onion-routing adds lots of random latency (intentional or not). Should probably look at other things which update/ping in the background too, since they probably have the same issue. Maybe creating a TYPE_REPEATING_SLOPPY timer would be useful... :)
Component: General → Application Update
Keywords: privacy
Product: Firefox → Toolkit
QA Contact: general → application.update
Updated•11 years ago
|
Whiteboard: [fingerprinting]
Updated•7 years ago
|
Blocks: uplift_tor_fingerprinting
Updated•7 years ago
|
Priority: -- → P5
Updated•7 years ago
|
Whiteboard: [fingerprinting] → [fingerprinting][fp-triaged]
Updated•6 years ago
|
Whiteboard: [fingerprinting][fp-triaged] → [fingerprinting]
Updated•6 years ago
|
Priority: P5 → P3
Whiteboard: [fingerprinting] → [fingerprinting][fp-triaged]
Updated•4 years ago
|
Whiteboard: [fingerprinting][fp-triaged] → [fingerprinting][fp-triaged][tor 6217]
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
Updated•2 years ago
|
Severity: minor → S4
You need to log in
before you can comment on or make changes to this bug.
Description
•