[tor-bugs] #7084 [Firefox Patch Issues]: ‘Canvas image extraction prompt’ displays useless message

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 15 23:02:10 UTC 2013


#7084: ‘Canvas image extraction prompt’ displays useless message
-------------------------------------+--------------------------------------
    Reporter:  rransom               |       Owner:  mikeperry
        Type:  defect                |      Status:  closed   
    Priority:  normal                |   Milestone:           
   Component:  Firefox Patch Issues  |     Version:           
  Resolution:  not a bug             |    Keywords:           
      Parent:                        |      Points:           
Actualpoints:                        |  
-------------------------------------+--------------------------------------
Changes (by mikeperry):

  * status:  reopened => closed
  * resolution:  => not a bug


Comment:

 It is not about the icon. That is just where the warning appears. The HTML
 Canvas is a general purpose rendering surface. We display the warning if
 websites attempt to render image data and then silently extract it,
 because this is a major, high-entropy, highly stable fingerprinting
 vector.

 However, eliminating this warning entirely makes it impossible to use web-
 based image editing tools. Sure, these tools might not be prevalent or
 popular now aside from lolcat generation, but silently breaking them for
 everyone is not a long-term solution either.

 If there really are first/third parties that are drawing to the canvas and
 silently extracting that data for whatever use, this is something we
 should bring to the attention of the EFF and other anti-fingerprinting web
 advocates so they can pressure those sites to stop that activity. That is
 the right way to handle these messages.

 I've updated #7265 to hopefully reduce the prevalence of the message (we
 can probably simply block third parties and just log, for example) and
 make it easier to determine the actual offending party. That ticket is on
 the schedule for the next few months.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7084#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list