[tor-bugs] #10286 [Applications/Tor Browser]: Touch events leak absolute screen coordinates

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 3 19:38:54 UTC 2017 

#10286: Touch events leak absolute screen coordinates
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-resolution,       |  Actual Points:
  ff52-esr, tbb-testcase, tbb-firefox-patch,     |
  tbb-7.0-must-alpha, TorBrowserTeam201705R      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * keywords:
     tbb-fingerprinting-resolution, ff52-esr, tbb-testcase, tbb-firefox-
     patch, tbb-7.0-must-alpha, TorBrowserTeam201705
     =>
     tbb-fingerprinting-resolution, ff52-esr, tbb-testcase, tbb-firefox-
     patch, tbb-7.0-must-alpha, TorBrowserTeam201705R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:28 gk]:

 > I think the approach is okay for now. We might want to think harder
 whether we want to enable touch support in the future by default and rely
 only on the spoofing.
 >
 > Arthur: Did you run the test? It seems it passes/fails depending on the
 platform which seems suboptimal. If that's the case can you fix that?

 I ran the test on a Linux box with no touch screen. I expect the test to
 pass on every platform, because the TouchEvent is synthetic (not dependent
 on hardware).

 > Then there is a typo: 100286 (we don't have 6-digit bug numbers yet). I
 got confused by the pointer event references, in particular
 https://bugzilla.mozilla.org/show_bug.cgi?id=1000870 in the test. Is that
 the way to write tests for touch event related things?

 Sorry, I left these in inadvertently. I removed the last references to
 pointer events and fixed the typo and link. I also did some extra cleanup.

 Here's the new version (3 patches as before):
 https://github.com/arthuredelstein/tor-browser/commits/10286+3

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10286#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list