[tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 10 19:20:38 UTC 2014
#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
Reporter: | Owner: brade
mikeperry | Status: assigned
Type: task | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-fingerprinting,
Browser | TorBrowserTeam201409
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Kathy and I also reviewed the canvas APIs. Here are a few of our
observations:
* The willReadFrequently canvas option is disabled by default (the
gfx.canvas.willReadFrequently.enable pref must be added with the value
true) so we do not need to worry about this.
* We have not done anything to block use of isPointInPath() and
isPointInStroke(). Do we need to block these?
* We have not done anything to block use of measureText(). Theoretically,
it could be used to detect differences based on available fonts or
rendering differences. Do we need to block this?
* In ESR31, ToBlob() accepts options to allow callers to specify encoding
options such as JPEG quality. Kathy and I do not think this is a
fingerprinting vector since, by default, white image data is returned.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list