Security/Fingerprinting

From MozillaWiki

Cross-Origin Fingerprinting Unlinkability

The anti-fingerprinting project is part of the Tor Uplift project.
Its goal is to give Firefox the same level of fingerprinting resistance as the Tor Browser.
Refer to the design and implementation document of the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

Bug Tracking

All fingerprinting bugs are being tracked under the meta bug:
bug 1329996 - [META] Support anti-fingerprinting protection

Priority Definition

  • P1: MVP (Minimum Viable Product)
  • P2: Nice to Have
  • P3: Backlog
  • Any bug which is marked as [fp:m1-3] in the Whiteboard is also MVP, regardless of its Priority

Whiteboard Definition

  • [fingerprinting]: Indicates that this is a fingerprinting bug
  • [fp:m1]: Target milestone is M1 (2017-06-12 Firefox 55)
  • [fp:m2]: Target milestone is M2 (2017-08-07 Firefox 56)
  • [fp:m3]: Target milestone is M3 (2017-09-25 Firefox 57)
  • [fp-backlog]: Backlog bugs

Dashboard

MVP: M1 Bugs List (2017-06-12 Firefox 55)

ID Summary Status Product Component Assigned to Depends on Whiteboard
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true RESOLVED Core DOM Chris Peterson [:cpeterson] 1217238 [tor 21675][fingerprinting][fp:m1]
1345322 Create the preference privacy.resistFingerprinting in firefox.js RESOLVED Firefox Preferences Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) ASSIGNED Core Canvas: 2D Jonathan Hao [:jhao] 1260931 [tor][fingerprinting][fp:m1]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) RESOLVED Core JavaScript: Standard Library Jonathan Hao [:jhao] [fingerprinting][tor][fp:m1]
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] RESOLVED Core XUL Tim Huang[:timhuang] 1353894, 1355717, 1364398, 1352141, 1352305 [fingerprinting][tor][fp:m1]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] RESOLVED Core General Tim Huang[:timhuang] [fingerprinting][tor 16622][fp:m1]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns RESOLVED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]

7 Total; 1 Open (14.29%); 6 Resolved (85.71%); 0 Verified (0%);


MVP: M2 Bugs List (2017-08-07 Firefox 56)

ID Summary Status Product Component Assigned to Depends on Whiteboard
863246 resource:// URIs leak information (Tor 8725) ASSIGNED Core Security Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] RESOLVED Core GFX: Color Management Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1337161 Disable navigator.getGamepads() when privacy.resistFingerprinting = true NEW Core DOM: Device Interfaces Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
1369357 Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true NEW Firefox General Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m2]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) NEW Core Canvas: WebGL Jeff Gilbert [:jgilbert] [tor][tor-standalone][fingerprinting][fp:m2]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting ASSIGNED Firefox Preferences Jonathan Hao [:jhao] [tor][fingerprinting][fp:m2]
1369327 Making reader view users uniform when 'privacy.resistFingerprinting' is true NEW Toolkit Reader Mode Jonathan Hao [:jhao] [fingerprinting][tor][fp:m2]
1333641 Disable WebSpeech API when privacy.resistFingerprinting is enabled NEW Core Web Speech [tor][fingerprinting][fp:m2]
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true RESOLVED Core JavaScript Engine [fingerprinting][tor][fp:m2]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled RESOLVED Core DOM: Security Tim Huang[:timhuang] 1337161, 1369303 [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1336208 Bundle and whitelist fonts when privacy.resistFingerprinting = true NEW Core Graphics: Text Tim Huang[:timhuang] 1121643 [tor][fingerprinting][gfx-noted][fp:m2]
1369303 Spoof/Disable performance API when 'privacy.resistFingerprinting' is true RESOLVED Core DOM Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369309 Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true ASSIGNED Core Audio/Video: Playback Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369319 Disable device sensors when 'privacy.resistFingerprinting' is true ASSIGNED Core DOM: Device Interfaces Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369328 Open popup windows in new tabs when 'privacy.resistFingerprinting' = true ASSIGNED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2][domsecurity-active]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true ASSIGNED Core Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1372072 Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true ASSIGNED Core DOM Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]

17 Total; 13 Open (76.47%); 4 Resolved (23.53%); 0 Verified (0%);


MVP: M3 Bugs List (2017-09-25 Firefox 57)

ID Summary Status Product Component Assigned to Depends on Whiteboard
1308340 checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) NEW Firefox Preferences Arthur Edelstein [:arthuredelstein] [tor][fingerprinting][fp:m3]
1222285 Keyboard layout is leaked by KeyboardEvent NEW Core Event Handling [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3]
1330892 <isindex> leaks user locale NEW Core HTML: Parser 1266495 [fingerprinting][tor][fp:m3]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true NEW Core WebRTC: Audio/Video [fingerprinting][tor][fp:m3]
1333933 Disable/spoof fingerprintable features when privacy.resistFingerprinting = true ASSIGNED Core General Tim Huang[:timhuang] 566434, 1337157, 1337161 [tor][fingerprinting][fp:m3]

5 Total; 5 Open (100%); 0 Resolved (0%); 0 Verified (0%);


MVP: Bugs To Be Triaged

The following are MVP bugs that have not yet been assigned a priority.

ID Summary Status Product Component Assigned to Depends on Whiteboard
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true ASSIGNED Core Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Fingerprinting P2 Bugs List

ID Summary Status Product Component Assigned to Depends on Whiteboard
1314448 Create a build target that adds --disable-webrtc to the mozconfig NEW Release Engineering General Automation [tor][tor-testing][fingerprinting]
1364261 Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true NEW Core General [tor][fingerprinting]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true NEW Core WebRTC: Audio/Video [fingerprinting][tor][fp:m3]
1290481 Implement mitigations for opaque response storage in the DOM cache NEW Core DOM Tom Tung [:tt] 1367309 [storage-v1][fingerprinting]

4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Fingerprinting P3-P5 Bugs List

ID Summary Status Priority Product Component Assigned to Depends on Whiteboard
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) RESOLVED P3 Core Graphics: Text Arthur Edelstein [:arthuredelstein] 1306715 [gfx-noted] [tor][fingerprinting]
654550 Preference to disable video statistics RESOLVED -- Core Audio/Video leonard.beck [tor] [fingerprinting]
572650 Reduce the amount of data and entropy sent out in HTTP requests NEW P3 Core Networking: HTTP 566434, 583181, 728952, 1090433, 414057, 527886, 572652, 572656, 572659, 572661, 572665, 572667, 572668, 581008, 581783, 582421, 584683, 586165, 588909, 588913, 591537, 591573, 630357, 643352, 669814, 697383, 728582, 728585, 728831, 728888, 728894, 729089, 736373, 757726, 765048, 793978, 799899, 817450, 1054739, 1313580 [fingerprinting][necko-would-take]
583181 Don't reveal navigator.buildID to every site on the web NEW P3 Core DOM 966030, 1216225 [parity-IE] [fingerprinting]
680300 Restrict discoverability of protocol handlers [Tor 1623] NEW P3 Core Networking [fingerprinting][probing][necko-backlog][tor]
724179 Gecko sends cookies and HTTP auth credentials in mixed-content requests NEW P3 Core DOM: Security [fingerprinting], [domsecurity-backlog]
724182 Gecko sends cookies and HTTP auth credentials in cross-domain requests to an unrelated domain for images and scripts that haven't been approved by CORS NEW -- Core DOM: Security [fingerprinting][domsecurity-backlog]
732096 Add a preference to prevent local font enumeration NEW P3 Core Layout 1121643 [fingerprinting][tor][tor-standalone]
779197 Use a protocol not accessible from content NEW P3 Add-on SDK General 820213, 852297 [fingerprinting]
903959 custom resource://foo/ allows fingerprinting addons NEW -- Core Security 863246 [fingerprinting]
1041818 take steps to mitigate canvas fingerprinting NEW P3 Core General [fingerprinting][tor][tor-standalone]
1233691 Redesign mediaDevices.enumerateDevices() API RESOLVED -- Core WebRTC
1233846 WebSpeech API mustn't allow fingerprinting NEW -- Core Web Speech [fingerprinting]
1315203 XSHM: Cross Site History Manipulation (information leakage) NEW P3 Core Document Navigation [fingerprinting]
1325874 Consider seperating page content history for userContextId NEW P3 Core DOM: Security 1283320 [fingerprinting][domsecurity-backlog2][userContextId]
1363508 Consider how to do Anti-fingerprinting for Pointer Events NEW P3 Core DOM: Events [tor][fingerprinting]
1369299 Disable GeoIP/RegionDefault Search lookup when 'privacy.resistFingerprinting' is true ASSIGNED P3 Firefox Search Tim Huang[:timhuang] [fingerprinting][tor]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true ASSIGNED -- Core Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
167475 [URL] Disable external and returning no data protocol handlers in all cases, excluding <A HREF=> ASSIGNED -- Core Document Navigation timeless 379803, 173010, 229168, 379819 [sg:want][fingerprinting][probing][proto] See bug 173010 for whitelisting protocols

19 Total; 16 Open (84.21%); 3 Resolved (15.79%); 0 Verified (0%);


Fingerprinting Resolved Bugs

ID Summary Priority Product Component Assigned to Depends on Whiteboard
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) P3 Core Graphics: Text Arthur Edelstein [:arthuredelstein] 1306715 [gfx-noted] [tor][fingerprinting]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] P1 Core GFX: Color Management Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true P1 Core DOM Chris Peterson [:cpeterson] 1217238 [tor 21675][fingerprinting][fp:m1]
1345322 Create the preference privacy.resistFingerprinting in firefox.js P1 Firefox Preferences Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) P1 Core JavaScript: Standard Library Jonathan Hao [:jhao] [fingerprinting][tor][fp:m1]
654550 Preference to disable video statistics -- Core Audio/Video leonard.beck [tor] [fingerprinting]
1233691 Redesign mediaDevices.enumerateDevices() API -- Core WebRTC
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true P1 Core JavaScript Engine [fingerprinting][tor][fp:m2]
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] P1 Core XUL Tim Huang[:timhuang] 1353894, 1355717, 1364398, 1352141, 1352305 [fingerprinting][tor][fp:m1]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] P1 Core General Tim Huang[:timhuang] [fingerprinting][tor 16622][fp:m1]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled P1 Core DOM: Security Tim Huang[:timhuang] 1337161, 1369303 [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns P1 Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]
1369303 Spoof/Disable performance API when 'privacy.resistFingerprinting' is true P1 Core DOM Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]

13 Total; 0 Open (0%); 13 Resolved (100%); 0 Verified (0%);