[tor-bugs] #1517 [Tor Browser]: Provide JS with reduced time precision

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 23 03:12:17 UTC 2015


#1517: Provide JS with reduced time precision
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:
  mikeperry              |     Status:  new
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  major    |   Keywords:  backport-to-mozilla, tbb-torbutton,
    Component:  Tor      |  tbb-fingerprinting-time-highres, ff38-esr,
  Browser                |  TorBrowserTeam201504R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:  10       |
-------------------------+-------------------------------------------------
Changes (by mikeperry):

 * keywords:  backport-to-mozilla, tbb-torbutton, tbb-fingerprinting-time-
     highres =>
     backport-to-mozilla, tbb-torbutton, tbb-fingerprinting-time-highres,
     ff38-esr, TorBrowserTeam201504R


Comment:

 This turned out to be easier to do than I expected. Also, given
 http://arxiv.org/pdf/1502.07373v2.pdf (Aka "The Spy in the Sandbox"), we
 may want to do this sooner rather than later (ie for 5.0a1).

 Here's a patch that should make all JS clock sources and event timestamps
 have 100ms resolution, except for keypress events, which should have 250ms
 resolution: https://gitweb.torproject.org/user/mikeperry/tor-
 browser.git/commit/?h=bug1517. It also clamps internal usage of
 DOMHighResTimestamps to 1 microsecond, to avoid internal sidechannels and
 other leaks.

 Note that this patch does not alter event delivery or interval timer
 invocation in any way, as I expect that altering event delivery and timer
 invocation will break more things (especially twitch games and
 video/animation) than simply messing with Javascript's notion of wall-
 clock time. I chose 100ms resolution because it seemed like a very large
 granularity while still being on the edge of human perception. We'll need
 to test this on a bunch of Javascript games, HTML5 animation sites, and
 lots of HTML5 video, but hey, at least that will be fun! :)

 We'll also want to keep a close eye on this for ff38-esr, as I bet more
 events/time sources were added since FF31.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1517#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list