[tbb-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 25 01:25:03 UTC 2016
#18390: PDF.js triggers canvas fingerprinting warning for some PDFs
-------------------------+---------------------------
Reporter: xcolour | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution: not a bug
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+---------------------------
Changes (by cypherpunks):
* status: new => closed
* resolution: => not a bug
Comment:
Replying to [ticket:18390 xcolour]:
> It looks like this was fixed in #10570 for the Firefox-local version of
PDF.js, but (perhaps intentionally) not for PDF.js if it's being served by
the website.
Naturally. Tor Project developers can only vouch for the code they ship,
not whatever any random website pushes to you.
> Is this a bug in Tor Browser's canvas fingerprinting detection, or is
what PDF.js is doing simply indistinguishable from a fingerprinting
attempt?
It is indistinguishable because fingerprinting is (potentially) what the
site is doing. Tor Browser cannot guess "intent" so it has to be
conservative and block access to canvas.
It's not a bug. Tor Browser is doing what it's supposed to do.
Now, if the pdf.js guys are willing to workaround it, they could try to
avoid looking "into" the canvas: no getImageData, no
to{Blob,Url,File,...}, etc.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18390#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list