[tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 22 06:21:22 UTC 2019
#30541: webgl readPixels FP entropy
-------------------------------------------------+-------------------------
Reporter: Thorin | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting, | Actual Points:
TorBrowserTeam201905R, GeorgKoppen201905 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:7 Thorin]:
> Replying to [comment:6 cypherpunks]:
> > Also your test shows...webgl2: supported.. But `webgl2` shouldn't be
allowed.
>
> Thanks. If the browser reports that webgl2 is supported, that's one bit
of entropy. I'll double check with some tests and kkapsner (it's his
code), opened an issue [1]. This is a browser level API check
>
> What the browser does in a test after that can provide more entropy: e.g
error entropy (e.g blocked at a different step of the process: e.g slider
settings, click to play, extension interference, etc), or provide a hash
>
> Not sure if meant the API check is flawed, or if TB blocks `WebGL2`.
We explicitly set `webgl.enable-webgl2` to `false` to make sure no WebGL2
APIs are accessible.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30541#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list