Opened 6 years ago

Closed 2 years ago

Last modified 2 years ago

#10283 closed task (fixed)

SpeechSynthesis API may be fingerprintable

Reported by: mikeperry Owned by: arthuredelstein
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-fingerprinting, tbb-testcase, tbb-7.0-must-alpha, TorBrowserTeam201704R
Cc: gk, brade, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor: None

Description

In https://bugzilla.mozilla.org/show_bug.cgi?id=525444, Mozilla landed support for JS access to OS-provided speech synthesis. It appears to be off by default in FF24, but if it is enabled it may be a fingerprinting vector through computer-specific speech packages which are exposed in an enumerable fashion through speechSynthesis.getVoices().

We should keep an eye on this in case it gets enabled by default later.

Change History (19)

comment:1 Changed 6 years ago by gk

Cc: gk added

comment:2 Changed 6 years ago by gk

Keywords: tbb-testcase added

comment:3 Changed 5 years ago by erinn

Keywords: tbb-firefox-patch added

comment:4 Changed 5 years ago by erinn

Component: Firefox Patch Issues → Tor Browser

comment:5 Changed 5 years ago by mikeperry

Keywords: ff38-esr added; ff31-esr removed

This appears to be still disabled in ff31. The pref is media.webspeech.recognition.enable.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API.

comment:6 Changed 4 years ago by mikeperry

Keywords: ff45-esr added; ff38-esr removed

Still disabled in FF38.

comment:7 Changed 3 years ago by gk

Keywords: ff52-esr added; ff45-esr removed
Severity: Normal
Sponsor: None

Still off -> ff52-esr.

comment:8 Changed 2 years ago by jhao

This is enabled since Firefox 49.

comment:9 Changed 2 years ago by mcs

Cc: brade mcs added

comment:10 Changed 2 years ago by gk

Keywords: tbb-7.0-must-alpha TorBrowserTeam201704 added; tbb-firefox-patch removed

comment:11 Changed 2 years ago by arthuredelstein

Not only does speechSynthesis.getVoices() allow voices to be listed, but there are callbacks that would allow JS to time how long a phrase takes to be "uttered". So one possibility is to disable this API:

https://github.com/arthuredelstein/tor-browser/commit/10283

I suppose another way would be to fake the callback so it always returns the same duration for a given phrase. Or block the callback event altogether. Not sure which of these is the best option.
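A regression check for the two surfaces named in comment:11 (voice enumeration and utterance timing callbacks), added here as an example; it is not code from the ticket or from the Tor Browser patch. The function name `auditSpeechSurface` and both window objects are constructed for illustration.

```javascript
// Added example: report which Web Speech synthesis surfaces a window-like
// object exposes to page script. Names here are hypothetical, not Tor Browser code.
function auditSpeechSurface(win) {
  const findings = [];
  const synth = win.speechSynthesis;
  if (synth !== undefined && synth !== null) {
    // The object alone counts as exposure: voice lists can load late, so an
    // empty getVoices() on the first call does not prove the API is disabled.
    findings.push("speechSynthesis object exposed");
    if (typeof synth.getVoices === "function") {
      const voices = synth.getVoices() || [];
      if (voices.length > 0) {
        findings.push(`getVoices() lists ${voices.length} voice(s)`);
      }
    }
    if ("onvoiceschanged" in synth) {
      findings.push("voiceschanged event available");
    }
  }
  const Utterance = win.SpeechSynthesisUtterance;
  if (typeof Utterance === "function") {
    findings.push("SpeechSynthesisUtterance constructor exposed");
    // These handlers are the callbacks that let script time an utterance.
    const proto = Utterance.prototype || {};
    for (const handler of ["onstart", "onend", "onboundary"]) {
      if (handler in proto) findings.push(`timing callback ${handler} available`);
    }
  }
  return { exposed: findings.length > 0, findings };
}

// Constructed window with the API disabled: neither global is defined.
const HARDENED_WINDOW = {};

// Constructed window with the API enabled and two made-up voices.
function FakeUtterance() {}
Object.assign(FakeUtterance.prototype, { onstart: null, onend: null, onboundary: null });
const DEFAULT_WINDOW = {
  speechSynthesis: {
    onvoiceschanged: null,
    getVoices: () => [{ name: "constructed-voice-a" }, { name: "constructed-voice-b" }],
  },
  SpeechSynthesisUtterance: FakeUtterance,
};
```

In a browser test page, call `auditSpeechSurface(window)` and fail the test whenever `exposed` is true.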

comment:12 in reply to:  5 Changed 2 years ago by arthuredelstein

Replying to mikeperry:

This appears to be still disabled in ff31. The pref is media.webspeech.recognition.enable.

To clarify, this pref is for speech recognition, and is still off by default in 52ESR. My patch in the previous comment disables speech generation as well.

comment:13 Changed 2 years ago by arthuredelstein

Keywords: TorBrowserTeam201704R added; TorBrowserTeam201704 removed
Status: new → needs_review

comment:14 Changed 2 years ago by arthuredelstein

Owner: set to arthuredelstein
Status: needs_review → accepted

comment:15 Changed 2 years ago by arthuredelstein

Status: accepted → needs_review

comment:16 Changed 2 years ago by cypherpunks

#18598 is a duplicate, then.

comment:17 Changed 2 years ago by gk

Resolution: fixed
Status: needs_review → closed

Applied as commit 6133397c142c1c58ec7da8aabd5a952a01d6fc6b on tor-browser-52.1.0esr-7.0-2. I'll move #18598 to ff59-esr to be sure nothing is falling through the cracks once the recognition feature is available.

comment:18 Changed 2 years ago by gk

FWIW: this disables the narrate feature in reader mode as well, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1166365.

comment:19 in reply to:  18 Changed 2 years ago by arthuredelstein

Replying to gk:

FWIW: this disables the narrate feature in reader mode as well, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1166365.

That's unfortunate; I opened #22075.
