Skip to content
This repository was archived by the owner on Dec 11, 2019. It is now read-only.

Block additional fp-related methods #11055

Closed
wants to merge 3 commits into from
Closed

Block additional fp-related methods #11055

wants to merge 3 commits into from

Conversation

pes10k
Copy link
Contributor

@pes10k pes10k commented Sep 20, 2017

Fixes #10288

This change would block the following 5 methods (presented below, with brief motivation for each). Numbers for feature use / tracking use are taken from https://www.cs.uic.edu/%7Epsnyder/static/papers/Browser_Feature_Usage_on_the_Modern_Web.pdf

CanvasRenderingContext2D.prototype.isPointInPath

  • Is used in popular live, popular fingerprinting code
  • Is infrequently used on the web (was observed on only 166 sites in the Alexa 10k)
  • Is frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 28 sites in the Alexa 10k, suggesting its used for tracking 83% of the time)

WebGLRenderingContext.prototype.getUniformLocation and WebGLRenderingContext.prototype.getAttribLocation

  • Are used in popular live, popular fingerprinting code, (here and here, for example)
  • Are infrequently used on the web (was observed on only 255 and 250 sites in the Alexa 10k, respectivly)
  • Are frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 44 and sites in the Alexa 10k, suggesting its used for tracking 82.75% and 82.4% of the time)
  • Non-obvious use case (e.x.: its not obvious to see why you'd need to query these parameters out of the context, if you'd already set them)

SVGPathElement.prototype.getTotalLength

  • Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
  • Very infrequently used on the web (observed on 140 of the Alexa 10k)
  • Very frequently associated with tracking (use goes down to only 2 sites, or a 98.57% reduction, in the presence of Ghostery)

SVGTextContentElement.prototype.getComputedTextLength

  • Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
  • Extremely associated with tracking (use goes from 1003 sites in the Alexa 10k, to 1, or a 99.9% reduction, in the presence of Ghostery)

@luixxiul luixxiul added this to the 0.21.x (Nightly Channel) milestone Sep 21, 2017
diracdeltas
diracdeltas approved these changes Sep 21, 2017
View reviewed changes
Copy link
Member

@diracdeltas diracdeltas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! please

  1. squash the 3 commits into 1
  2. add the documentation from this PR to https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode

@pes10k pes10k closed this Sep 25, 2017
@pes10k pes10k deleted the 10288-block-more-fp-methods branch September 25, 2017 19:27
@bbondy bbondy modified the milestones: 0.21.x (Developer Channel), 0.20.x (Beta Channel) Oct 25, 2017
@luixxiul
Copy link
Contributor

@snyderp @diracdeltas were those commits merged somewhere?

@luixxiul luixxiul added the needs-info Another team member needs information from the PR/issue opener. label Oct 30, 2017
@luixxiul
Copy link
Contributor

nvm, I found the PR: #11140

@luixxiul luixxiul removed this from the 0.20.x (Beta Channel) milestone Oct 30, 2017
@luixxiul luixxiul removed the needs-info Another team member needs information from the PR/issue opener. label Oct 30, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@diracdeltas diracdeltas diracdeltas approved these changes

@bridiver bridiver Awaiting requested review from bridiver

Assignees

@pes10k pes10k

Labels
feature/shields
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pes10k @luixxiul @diracdeltas @bbondy @psnyde2