[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 30 09:42:56 UTC 2016
#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner:
Type: task | arthuredelstein
Priority: Very High | Status:
Component: Applications/Tor Browser | assigned
Severity: Critical | Milestone:
Keywords: tbb-fingerprinting-os, tbb-easy, | Version:
TorBrowserTeam201605 | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:25 arthuredelstein]:
> The Web Audio API looks to me like something that would only have
occasional legitimate uses. Most sites using audio do not need to do any
sound processing on the fly. Many games need only to play sound samples,
which can be done with <audio> elements and don't require Web Audio. Uses
for Web Audio I can think of include 3D games or other immersive content,
music sequencers or audio/video editing apps. So, because these are fairly
unusual, I think one efficient defense would be to prompt the user before
allowing content to instantiate an AudioContext object, very similar to
how we prompt before HTML5 Canvas image extraction (#6253).
I think the prompt is a good solution if indeed the Web Audio API reveals
more about a browser/machine/OS than the JS Math interface. If not, fixing
the JS Math interface should fix this problem? Not sure...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list