[tbb-bugs] #26606 [Applications/Tor Browser]: investigate fingerprinting and linkability risks of the Intersection Observer API

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Aug 26 05:45:26 UTC 2018


#26606: investigate fingerprinting and linkability risks of the Intersection
Observer API
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting, tbb-             |  Actual Points:
  linkability, ff60-esr, TorBrowserTeam201808    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by Thorin):

 This is a no brainer. Disable it, IMO

 https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js
 {{{
 /* 2426: disable Intersection Observer API (FF53+)
  * Almost a year to complete, three versions late to stable (as default
 false),
  * number #1 cause of crashes in nightly numerous times, and is
 (primarily) an
  * ad network API for "ad viewability checks" down to a pixel level
  * [1]
 https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
  * [2] https://w3c.github.io/IntersectionObserver/
  * [3] https://bugzilla.mozilla.org/1243846 ***/
 user_pref("dom.IntersectionObserver.enabled", false);
 }}}

 down to a pixel level ... a. pixel. level

 PS: since we added this to our user.js back in 53 (16 months ago), we've
 had zero issues or complaints about website breakage etc

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26606#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list