[tbb-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 23 14:47:06 UTC 2019


#26607: verify that subpixel accuracy of window scroll properties does not add
fingerprinting risk
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting, ff60-esr,        |  Actual Points:
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:21 acat]:
 > Replying to [comment:20 Thorin]:
 > > more from Arthur, including an old patch/solution:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 "some chrome code may
 be incorrectly receiving spoofed devicePixelRatio"
 > Thanks, although I think that one refers to the fact that
 devicePixelRatio should not be spoofed internally in Firefox privileged
 pages. Here the problem is that it can be guessed in normal pages (via
 some side-channels) and it should not.
 >
 > Perhaps this one could be closed as duplicate of #29564, since
 everything that can be measured via `window.scrollXY` can also be obtained
 via `document.body.getBoundingClientRect()` or similar.

 It seems to me the subpixel issue is just one of a bunch of factors that
 make it possible to use `DOMRect` etc. for fingerprinting, no? In that
 case it's not really a duplicate, more a child bug if we want.

 > For the concrete case of using the scroll+(getClientRects or scrollY) to
 guess the real `window.devicePixelRatio`, I do not see a good solution.
 Rounding values does not solve it completely because it should be possible
 to slowly nudge elements to guess the actual subpixel value (as suggested
 by @tom in an email). Another possibility could be to make sure scroll is
 done in "CSS pixels" (currently scroll seems to be done in "physical
 pixels", 1 scroll pixel is 1/devicePixelRatio CSS pixels, and that's where
 the measured subpixel values come from). If we think this is critical
 enough perhaps the effort might be justified, but not sure.

 Hm. I'd not be opposed to test the latter. However, maybe we could ni?
 some knowledgeable Mozilla folks on bug 1542676 (or a more appropriate
 one, if there is any), asking whether that's a smart idea or what else we
 should do here?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26607#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list