[tor-bugs] #7265 [Firefox Patch Issues]: Only display Canvas message for first parties; simply log third parties

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 20 01:01:32 UTC 2014 

#7265: Only display Canvas message for first parties; simply log third parties
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  enhancement          |     Status:  needs_review
     Priority:  major                |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-fingerprinting,
   Resolution:                       |  tbb-bounty, TorBrowserTeam201408,
Actual Points:                       |  MikePerry201408R
       Points:                       |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by isis):

 Replying to [comment:10 mikeperry]:
 > Hrmm, well if there are third parties actually doing this to track
 people, perhaps we do want this doorhanger to bring it to their attention,
 and also log the actual url/script responsible as well..
 >
 > I can try to fix this up around September.

 I've revised Pearl Crescent's logging patch to log ''all'' attempts to
 access HTML5 canvas data, not ''only'' log third parties. My revision is
 in my `bug12684-with-bug7265-patch` [https://github.com/isislovecruft/tor-
 browser/compare/bug12684-with-bug7265-patch?expand=1 branch], and it's
 based on my changes for #12684.

 I've tested it, and I think it still needs revision, as
 {{{firstPartySpec.get()}}} and {{{docSpec.get()}}} always seem to produce
 the ''same'' value (at least in the ~10 websites I tested). I know that
 some of these are third party scripts trying to access the canvas, and
 others are possibly third party sourced into the first party's domain,
 others are first party... meaning that this patch as it stands is unable
 to detect the difference, and users are still shown the HTML5 canvas
 permissions popup.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7265#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list