[tor-bugs] #13543 [Applications/Tor Browser]: HTML5 media support may lead to fingerprinting

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 16 12:18:44 UTC 2019


#13543: HTML5 media support may lead to fingerprinting
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting, ff68-esr,        |  Actual Points:
  TorBrowserTeam201910, tbb-9.0-must             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  tbb-fingerprinting, ff68-esr, TorBrowserTeam201910R,
     tbb-9.0-must => tbb-fingerprinting, ff68-esr, TorBrowserTeam201910,
     tbb-9.0-must
 * status:  needs_review => new


Comment:

 Replying to [comment:21 acat]:
 > I thought a bit more, I don't have a very strong opinion in favor of one
 or another, basically because I'm not sure how this API will be used by
 websites. But I think it may be better to be conservative and say it's not
 power efficient while it actually may be than the opposite. For `smooth`
 the same reasoning might apply, but *I think* it's not so common to find
 cases where the returned info is `(true, false, false)` (I did not find
 those in a couple of home machines, although it may be possible in slow
 machines).
 >
 > Since we have to pick one, I'm voting for `(true, true, false)`:
 https://github.com/acatarineu/tor-browser/commit/13543+2.

 Looks good to me. I cherry-picked your fixup to `tor-
 browser-68.1.0esr-9.0-3` (commit
 084aa467fafc8aee4c2fbb57e872096386aca775).

 I guess on hindsight I should have put the `MediaCapabilities` related
 work in a proper child ticket and treat this one as just a meta/parent
 one. We should review the HTML5 fingerprinting scope *here* and then file
 *child* tickets from now on. If we think we are good after review, let's
 close this bug.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13543#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list