[tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 17 04:30:42 UTC 2014


#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  brade
  mikeperry              |     Status:  assigned
         Type:  task     |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-fingerprinting,
  Browser                |  TorBrowserTeam201409
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gacar):

 Replying to [comment:5 mcs]:
 > Kathy and I also reviewed the canvas APIs.  Here are a few of our
 > observations:
 >

 > * We have not done anything to block use of isPointInPath() and
 > isPointInStroke().  Do we need to block these?
 >

 I could not find any way to exploit those two for fingerprinting, but it
 would be better if someone else gave it a shot too.

 Some canvas fingerprinting scripts were found to use isPointInPath() with
 the "even-odd" winding rule, but I think this was just to check browser
 support - it will be the same for all TBs. Unless someone says "the internal
 representations of the paths may depend on the graphics stack too!"

 One could use these two functions to probe system fonts, if adding text to
 the current path or stroke was possible. I tried `strokeText()` and
 `fillText()` followed by `isPointInStroke()` and `isPointInPath()` but it
 didn't work out.


 > * We have not done anything to block use of measureText().
 > Theoretically, it could be used to detect differences based on available
 > fonts or rendering differences.  Do we need to block this?

 Wow, that's a good catch! I think this should certainly be blocked.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
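
An added example, not part of the original comment and not Tor Browser code: one way to audit which of the canvas methods discussed in this ticket a script calls, and to flag the measureText() pattern raised above (the same string measured under several fonts). The names `auditCanvas`, `looksLikeFontProbe` and `FakeContext`, the threshold, and the font names are assumptions made for illustration; `FakeContext` is a constructed stand-in for `CanvasRenderingContext2D` so the code runs outside a browser.

```javascript
// Methods named in the ticket as unreviewed or unblocked.
const WATCHED = ["measureText", "isPointInPath", "isPointInStroke"];

// Wrap each watched method on a 2D-context prototype and record every call.
function auditCanvas(proto, log) {
  for (const name of WATCHED) {
    const original = proto[name];
    if (typeof original !== "function") continue; // method absent in this engine
    proto[name] = function (...args) {
      // Keep the font in effect: it is what varies during font probing.
      log.push({ method: name, font: this.font, args });
      return original.apply(this, args);
    };
  }
  return log;
}

// Heuristic (assumed threshold): one string measured under several distinct
// fonts suggests font probing rather than ordinary text layout.
function looksLikeFontProbe(log, threshold = 3) {
  const fontsPerText = new Map();
  for (const entry of log) {
    if (entry.method !== "measureText") continue;
    const text = String(entry.args[0]);
    if (!fontsPerText.has(text)) fontsPerText.set(text, new Set());
    fontsPerText.get(text).add(entry.font);
  }
  return [...fontsPerText.values()].some((fonts) => fonts.size >= threshold);
}

function demo() {
  // Constructed stand-in for CanvasRenderingContext2D.
  class FakeContext {
    constructor() { this.font = "10px sans-serif"; }
    measureText(text) { return { width: text.length * 6 }; }
    isPointInPath() { return false; }
    isPointInStroke() { return false; }
  }
  const log = auditCanvas(FakeContext.prototype, []);
  const ctx = new FakeContext();
  ctx.isPointInPath(5, 5, "evenodd"); // a browser-support check, as described above
  const onlyFeatureCheck = looksLikeFontProbe(log);
  for (const family of ["serif", "Font A", "Font B"]) { // constructed font names
    ctx.font = `72px ${family}`;
    ctx.measureText("constructed sample text");
  }
  return { calls: log.length, onlyFeatureCheck, afterProbe: looksLikeFontProbe(log) };
}

console.log(demo());
```
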

