[tbb-bugs] #21792 [Applications/Tor Browser]: Make sure MediaError.message does not aid to fingerprinting

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 26 23:44:05 UTC 2017


#21792: Make sure MediaError.message does not aid to fingerprinting
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting,        |  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201704R      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * keywords:  ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha =>
     ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha,
     TorBrowserTeam201704R
 * status:  new => needs_review


Comment:

 A MediaError object [https://developer.mozilla.org/en-
 US/docs/Web/API/MediaError#Properties contains] a single field,
 MediaError.code, with one of four possible values:

 {{{
 Name                         Val  Description
 MEDIA_ERR_ABORTED            1    The fetching of the associated resource
 was aborted by the user's request.
 MEDIA_ERR_NETWORK            2    Some kind of network error occurred
 which prevented the media from being successfully fetched, despite having
 previously been available.
 MEDIA_ERR_DECODE             3    Despite having previously been
 determined to be usable, an error occurred while trying to decode the
 media resource, resulting in an error.
 MEDIA_ERR_SRC_NOT_SUPPORTED  4    The associated resource or media
 provider object (such as a MediaStream has been found to be unsuitable.
 }}}

 Checking for a MEDIA_ERR_DECODE or MEDIA_ERR_SRC_NOT_SUPPORTED error in
 principle might say something about the user's codecs. On the other hand,
 there are other very easy ways to test whether a Media Element is playing
 or not, so I'm not sure we are providing much additional protection by
 hiding these error codes. We would be wise to ensure that the available
 codecs are standardized for Tor Browser for each platform (Linux, Mac,
 Windows, Android).

 Setting as review to see if my colleagues agree or disagree.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21792#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list