SpeechSynthesis API may be fingerprintable

In https://bugzilla.mozilla.org/show_bug.cgi?id=525444, Mozilla landed support for JS access to OS provided speech synthesis. It appears to be off by default in FF24, but if it is enabled it may a fingerprinting vector through computer-specific speech packages which are exposed in an enumeratable fashion through speechSynthesis.getVoices().

We should keep an eye on this in case it gets enabled by default later.

added TorBrowserTeam201704R component::applications/tor browser ff52-esr owner::arthuredelstein priority::high resolution::fixed severity::normal sponsor:: status::closed tbb-7.0-must-alpha tbb-fingerprinting tbb-testcase type::task labels

Trac:
Cc: N/A to gk

Trac:
Keywords: N/A deleted, tbb-testcase added

Trac:
Keywords: N/A deleted, tbb-firefox-patch added

Trac:
Component: Firefox Patch Issues to Tor Browser

This appears to be still disabled in ff31. The pref is media.webspeech.recognition.enable.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API.

Trac:
Keywords: ff31-esr deleted, ff38-esr added

Still disabled in FF38.

Trac:
Keywords: ff38-esr deleted, ff45-esr added

Still off -> ff52-esr.

Trac:
Keywords: ff45-esr deleted, ff52-esr added
Sponsor: N/A to None
Reviewer: N/A to N/A
Severity: N/A to Normal

This is enabled since Firefox 49.

Trac:
Username: jhao

Trac:
Cc: gk to gk, brade, mcs

Trac:
Keywords: tbb-firefox-patch deleted, tbb-7.0-must-alpha, TorBrowserTeam201704 added

Not only does speechSythesis.getVoices() allow voices to be listed, but there are callbacks that would allow JS to time how long a phrase takes to be "uttered". So one possibility is to disable this API:

https://github.com/arthuredelstein/tor-browser/commit/10283

I suppose another way would be to fake the callback so it always returns the same duration for a given phrase. Or block the callback event altogether. Not sure which of these is the best option.

Replying to mikeperry:

This appears to be still disabled in ff31. The pref is media.webspeech.recognition.enable.

To clarify, this pref is for speech recognition, and is still off by default in 52ESR. My patch in the previous comment disables speech generation as well.

Trac:
Keywords: TorBrowserTeam201704 deleted, TorBrowserTeam201704R added
Status: new to needs_review

Trac:
Owner: N/A to arthuredelstein
Status: needs_review to accepted

Trac:
Status: accepted to needs_review

#18598 (moved) is a duplicate, then.

Applied as commit 6133397c142c1c58ec7da8aabd5a952a01d6fc6bon on tor-browser-52.1.0esr-7.0-2. I'll move #18598 (moved) to ff59-esr to be sure nothing is falling through the cracks once the recognition feature is available.

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

FWIW: this disables the narrate feature in reader mode as well, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1166365.

Replying to gk:

FWIW: this disables the narrate feature in reader mode as well, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1166365.

That's unfortunate; I opened #22075 (moved).

closed

mentioned in issue #18598 (moved)

mentioned in issue #19048 (moved)

mentioned in issue #22075 (moved)

moved to tpo/applications/tor-browser#10283 (closed)

mentioned in issue tpo/applications/tor-browser#22075 (closed)