[tbb-bugs] #16336 [Tor Browser]: Make sure the User Timing API does not provide a new high resolution timestamp

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 24 08:59:50 UTC 2015


#16336: Make sure the User Timing API does not provide a new high resolution
timestamp
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  tbb-team
         Type:  task     |     Status:  new
     Priority:  normal   |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  ff38-esr, tbb-fingerprinting-time-
   Resolution:           |  highres, tbb-pref, MikePerry201506
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by mikeperry):

 * keywords:  ff38-esr, tbb-fingerprinting-time-highres => ff38-esr, tbb-
     fingerprinting-time-highres, tbb-pref, MikePerry201506


Comment:

 In fact this is a DOMHighresTimeStamp. Units are milliseconds, but
 resolution is at least microseconds (and even higher resolution for
 Mozilla Firefox, depending on CPU model).

 This API also allows content to store names for timers and timestamps (in
 what scope? who knows.. the [http://www.w3.org/TR/2013/REC-user-
 timing-20131212/#privacy-security privacy section of the W3C spec]
 basically just takes a shit on any privacy concerns), complicates things
 like #16110, and the API generally appears to be useless from a practical
 point of view.

 I say we disable it for now, and maybe even forever. The
 dom.enable_user_timing pref does in fact seem to work.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16336#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list