[tor-bugs] #22396 [Applications/Tor Browser]: What does "never for this site" for the canvas warning really mean?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 13 02:09:22 UTC 2017


#22396: What does "never for this site" for the canvas warning really mean?
--------------------------------------+--------------------------
 Reporter:  arma                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by teor):

 Replying to [comment:7 mcs]:
 > I think the NoScript analogy is a good one. Other things to consider:
 how often do people need to allow canvas data extraction for a site to
 work correctly?

 The most common use I've seen is a site that writes emoji, then looks to
 see if the font supports them, and enables image fallbacks if it does not.
 In this case, Tor Browser users should be fine (albeit slower) with the
 image fallbacks.

 > And do users expect the browser to remember these kind of permission
 decisions across sessions (and how do we weigh that against not writing to
 disk)?

 No, I expect Tor Browser to forget everything when I restart or get a new
 version.

 Even better: when users allow canvas image extraction, does it actually
 work?

 I've seen sites where I've allowed image extraction, and they still fail.
 Maybe this is because image extraction doesn't work in high security mode
 even when allowed?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22396#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list