[tbb-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 24 22:57:57 UTC 2016


#18390: PDF.js triggers canvas fingerprinting warning for some PDFs
-----------------------------+----------------------
     Reporter:  xcolour      |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+----------------------
 I'm seeing the canvas fingerprinting warning for some PDFs served by
 PDF.js in the latest version of the Tor Browser Bundle (5.5.2). It appears
 that this only happens with image-heavy PDFs.

 For example:
 https://www.aclu.org/foia-document/some-key-sso-cyber-milestone-dates-fall-2005.

 It looks like this was fixed in #10570 for the Firefox-local version of
 PDF.js, but (perhaps intentionally) not for PDF.js if it's being served by
 the website.

 We use the PDF.js provided via the "PDF" Drupal extension version
 "7.x-1.6" with PDF.js version "1.1.215".

 Is this a bug in Tor Browser's canvas fingerprinting detection, or is what
 PDF.js is doing simply indistinguishable from a fingerprinting attempt?

 I've also opened a ticket with the PDF.js team
 (https://github.com/mozilla/pdf.js/issues/7026).

 Thanks!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18390>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

