Security/Fingerprinting: Difference between revisions

← Older edit

Security/Fingerprinting (view source)

Revision as of 04:00, 13 March 2020

4,253 bytes added , 13 March 2020

→‎Terse List

Tritter

130

edits

@@ Line 4: / Line 4: @@
 Refer to the design and implementation document of the Tor Browser: <br>
 https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+== Technical Details ==
+This page contains technical details about the things we do in Resist fingerprinting mode. It is up to date as of March 7, 2018
+=== Terse List ===
+* Complicated (see below)
+** Canvas image extraction is blocked
+** Absolute Screen Coordinates are obscured
+** Window Dimensions are rounded to a multiple of 200x100, and a warning is shown when maximizing
+** We only allow specific system fonts to be used, and we ship them to the user using kinto
+* Non-Trivial (see below)
+** The performance API is mostly disabled
+** Time Precision is reduced to 100ms, with up to 100ms of jitter
+** mozAddonManager may be blocked {{Bug|1384330}}
+** Media Devices are spoofed {{Bug|1372073}}
+** WebGL is limited {{Bug|1217290}}
+** The Keyboard Layout is spoofed
+** The Locale is spoofed to en-US
+** The Date Input Field and Date Picker Panel are spoofed to en-US {{Bug|1492587}}
+** If you customize the preferred language list (Accept-Language), you will be warned {{Bug|1039069}}
+** System Media Queries will never match {{Bug|1479240}}
+** The Pointer Event is spoofed {{Bug|1363508}} and also pointerEvent.pointerid {{Bug|1492766}}
+* Trivial
+** The browser version is reported to be the most recent ESR version (but the OS is not spoofed)
+** Timezone is spoofed to 'UTC'
+** The gamepad API is disabled
+** All device sensors are disabled
+** The WebSpeech API is disabled
+** WEBGL_debug_renderer_info extension is disabled {{Bug|1337157}}
+** navigator.hardwareConcurrency is spoofed to 2
+** Site-specific zoom is disabled {{Bug|1369357}}
+** MediaError.message is restricted to a whitelist {{Bug|1354633}}
+** The Network Information API reports an 'Unknown' connection type, and the ontypechange event is suppressed {{Bug|1372072}}
+** The Media Statistics API will report calculated numbers not reflecting reality {{Bug|1369309}}
+** Web Extensions are able to toggle privacy.resistFingerprinting
+** Geolocation is disabled {{Bug|1372069}} - but this will be reverted {{Bug|1441295}}
+** screen.orientation.type is spoofed as 'landscape-primary' and screen.orientation.angle is spoofed to '0' {{Bug|1281949}} but also {{Bug|1433815}}
+** navigator.plugins and navigator.mimeTypes are reported as empty {{Bug|1281963}} and {{Bug|1324044}}
+** prefers-reduced-motion always returns false {{Bug|1478158}}
+** AudioContext OutputLatency is spoofed {{Bug|1564422}}
+** prefers-color-scheme always says light mode.
+=== Details ===
+==== Canvas Fingerprinting Detection ====
+==== Absolute Screen Coordinates ====
+{{Bug|1382499}}
+==== Window Dimensions ====
+{{Bug|1330882}}
+==== Fonts ====
+TODO
+==== Performance API ====
+Most performance APIs are disabled, but not all of them.  TODO more details.
+==== Time Precision Reduction ====
+TODO more details
+* animation API - {{Bug|1382545}}
+==== mozAddonManager ====
+window.navigator.mozAddonManager is only exposed to addons.mozilla.org. In Resist Fingerprinting mode, we keep it exposed; however if the additional preference 'privacy.resistFingerprinting.block_mozAddonManager' is true, then it is not exposed to AMO
+==== Media Devices ====
+When RFP is enabled, enumerateDevices reports that the user has one camera (named 'Internal Camera') and one microphone (named 'Internal Microphone'). The devicechange event is also suppressed.
+==== WebGL ====
+TODO
+==== Keyboard Layout ====
+{{Bug|1222285}}, {{Bug|1438795}}, {{Bug|1409974}}, {{Bug|1433592}}
+==== Locale ====
+{{Bug|867501}}, {{Bug|1330892}}, {{Bug|1369330}}, {{Bug|1409973}}
+==== Accept-Languages ====
 == Project Schedule ==
-* Complete the implementation of MVP in '''Firefox 57 (2018-09-20)'''
+* Complete the implementation of MVP in '''Firefox 57 (2017-09-20)'''
 ** This is being tracked by three milestones M1, M2, and M3
 * Feature stabilization and refinement in '''Firefox 58 (2017-11-13)'''
@@ Line 15: / Line 109: @@
 * Ship the feature in '''Firefox 59 (2018-01-15)
 ** Tor Browser will be using Firefox ESR 59
 == Bug Tracking ==
@@ Line 80: / Line 173: @@
 === Fingerprinting P2 Bugs List ===
-<bugzilla>
+<disabled-bugzilla>
      {
          "blocks":"1329996",
@@ Line 88: / Line 181: @@
          "order": "status, assigned_to"
      }
-</bugzilla>
+</disabled-bugzilla>
 === Fingerprinting P3-P5 Bugs List ===
-<bugzilla>
+<disabled-bugzilla>
      {
          "blocks":"1329996",
@@ Line 97: / Line 190: @@
          "priority":["P3", "P4", "P5", "--"],
          "include_fields": "id, summary, status, priority, product, component, assigned_to, depends_on, whiteboard",
+        "order": "status, assigned_to"
+    }
+</disabled-bugzilla>
+=== Fingerprinting Breakage ===
+<bugzilla>
+    {
+        "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"],
+        "whiteboard":["fingerprinting-breakage"],
+        "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard",
          "order": "status, assigned_to"
      }
 </bugzilla>
+=== All Open Tagged Fingerprinting Bugs ===
+<disabled-bugzilla>
+    {
+        "status":["NEW", "ASSIGNED", "REOPENED"],
+        "whiteboard":["fingerprinting"],
+        "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard",
+        "order": "status, assigned_to"
+    }
+</disabled-bugzilla>
 === Fingerprinting Resolved Bugs ===
-<bugzilla>
+<disabled-bugzilla>
      {
          "blocks":"1329996",
@@ Line 109: / Line 224: @@
          "order": "assigned_to"
      }
-</bugzilla>
+</disabled-bugzilla>