[tor-bugs] #6370 [Tor bundles/installation]: Enable WebGL
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Jul 10 19:16:02 UTC 2012
#6370: Enable WebGL
--------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Tor bundles/installation | Version:
Keywords: MikePerry201207 | Parent:
Points: 1 | Actualpoints:
--------------------------------------+-------------------------------------
In #3323, we reviewed WebGL for API-based fingerprinting issues. The
conclusion is that if we set webgl.min_capability_mode and webgl.disable-
extensions, our primary API-level fingerprinting concerns are addressed.
Additionally, #6253 lists another related fingerprinting defense to
rendering vectors (#6041), but so long as WebGL remains click-to-play, I
think #6253 is not a blocker to enabling WebGL in a click-to-play limited
sense.
However, I am still terrified by the vulnerability surface represented by
WebGL on the graphics driver end. Because much of that code lives in
kernel or at least at UID 0 priv level, it will prove very difficult to
actually properly sandbox.. Worse, many drivers are very likely not
network-hardened or designed to handle untrusted input. See also:
http://www.contextis.com/resources/blog/webgl/
Hence, I think WebGL will probably have to remain a second-class click-to-
play tech for the foreseeable future, even if "enabled".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6370>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list