Matthew Finkel:
In light of WebGL extensions now being available [0] and other potential uses of WebGL for fingerprinting, I'd like to consider restricting access to the WebGL API in Tor Browser as a Privacy enhancement, and no longer as a Security enhancement.
One major usability (webcompat) issue I know about when WebGL usage requires click-to-play is Google Maps. Are there other popular sites that break when click-to-play is enabled that we should consider?
I know that hackerone.com was breaking in a way that's not obvious. That is, when trying to log in, nothing happened. One gets no hint and, worse, there is no way to click on anything to play.
I am skeptical about just making WebGL click-to-play. What we need as well is making sure that users can in *any* situation actually enable WebGL, get some explanation about what is going on, and give some consent to the trade-off. That's a lot of work for causing webcompat issues.
In general I think going down the click-to-play route for privacy protection seems to be the wrong direction, as our core Tor Browser feature is providing privacy by design to everyone by default. Suddenly starting to do click-to-play for privacy features does not look particularly good.
If we are concerned about WebGL extensions and fingerprinting then we should just add them behind a pref again (maybe the RFP pref even), which should not be too hard in particular compared with the click-to-play work. If there are other vectors we are concerned with, then we should plug them, too.
Georg
Thanks, Matt
[0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40117