[tor-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 17 11:21:54 UTC 2015 

#17446: Canvas image extraction prompt logic
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Medium                               |         Status:
Component:  Tor Browser                          |  needs_information
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-fingerprinting,                  |        Version:
  PearlCrescent201511R, TorBrowserTeam201511R    |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------

Comment (by gk):

 It seems my comment:14 has been a bit dense. So here is what I thought the
 former behavior is/was (which seems to me some kind of binding the canvas
 extraction to the URL bar domain): Given three distinct domains A, B and
 C.

 Scenario 1: vanilla Tor Browser, first-party domain A with no script
 trying to extract image data, third-party domain B and the script on B
 wants to extract image data from the canvas. Result: that is not going to
 happen and there will be no prompt, only some logs about this in the
 console.

 Scenario 2: like scenario 1 but now A got granted the permission to
 extract the data previously. Result: the script on B is allowed too,
 nothing is logged to the console.

 Scenario 3: scenario 2 happened a while ago. Now, the user is visiting C
 which includes B as third-party domain. Result: the same like in scenario
 1

 Scenario 4: like scenario 3 but now C got granted the permission to
 extract the data previously.
 Result: the script on B is allowed too, nothing is logged to the console.

 Now, this looks like the permission and hence the canvas extraction is
 bound to the URL bar domain (and whether that extracts canvas data, too,
 and is allowed to) which seems, at first glance, to fit neatly to our
 efforts to thwart cross-domain linking. But then there is mainly a) in
 comment:14 speaking against that impression. And b) and c) cast even more
 doubt whether we should stick to the old patch being specified in our
 design document.

 (I hope my thoughts are clearer now. :) )

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17446#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list