[tbb-dev] Canvas Breakage Ideas

Tom Ritter tom at ritter.vg
Sat May 2 04:03:25 UTC 2020

> --[ Response to comments on (2)
> I really like the "fingerprinting-tainting" idea. Perhaps it would be worthwhile
> to implement this behind a default-off pref and conduct a study (and, of course,
> try to attack it.)
> Tom: What do you think?

I think the idea that the sites might be doing drawImage -> toDataURL
is worth investigating.

I think we should try to implement the most conservative choice that
fixes these instances we know of; so I think the next step is to dig
into what's happening on these sites: what's written to the canvas,
and why/how they're extracting it.


More information about the tbb-dev mailing list