Opened 4 years ago

Closed 3 years ago

#15640 closed defect (fixed)

Place Canvas MediaStream behind site permission

Reported by: mikeperry
Owned by: mcs
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff45-esr, tbb-fingerprinting, tbb-6.0a5, TorBrowserTeam201604R
Cc: gk, brade, mcs, arthuredelstein
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: None

Description

The Canvas is specified as a potential MediaStream source, to allow live video capture of Canvas data by JavaScript. This is a fingerprinting risk, and should be placed behind our Canvas site permission.

https://dvcs.w3.org/hg/audio/raw-file/tip/streams/StreamProcessing.html#canvas-recording

Apparently support for this has not yet been added to Firefox, but they are currently working on landing it. Adding the ff45-esr tag accordingly.

Attachments (1)

0001-fixup-Bug-6253-Add-canvas-image-extraction-prompt.patch (6.2 KB) - added by mcs 3 years ago.
proposed fix

Change History (16)

comment:1 Changed 4 years ago by gk

Cc: gk added

comment:2 Changed 4 years ago by mcs

Cc: brade mcs added
Severity: Normal
Sponsor: None

There is also a preference to disable this feature:

canvas.capturestream.enabled

That said, unless we run out of time during our ESR45 work, we should protect access to this feature using the existing canvas prompt that is in Tor Browser.

comment:3 Changed 3 years ago by gk

Keywords: tbb-6.0a5 added

comment:4 Changed 3 years ago by mcs

Owner: changed from tbb-team to mcs
Status: new → accepted

Taking ownership of some ff45-esr tickets.

comment:5 Changed 3 years ago by mcs

Keywords: TorBrowserTeam201603R added
Status: accepted → needs_review

Please review the attached patch.

comment:6 Changed 3 years ago by gk

Keywords: TorBrowserTeam201604R added; TorBrowserTeam201603R removed

No easy way to do reviews in March anymore.

comment:7 Changed 3 years ago by gk

Status: needs_review → needs_information

How can one test this?

comment:8 Changed 3 years ago by mcs

We have a somewhat ugly test page that we have been using. A copy is available here:
https://people.torproject.org/~brade/tests/canvasTest.html

Clicking the "captureStream" button will cause the contents of the "Source canvas" to be mirrored to the "Destination video."

comment:9 Changed 3 years ago by gk

Thanks, looks good to me. I was a bit confused by the pointInPath() and pointIStroke() buttons as the tests behind them always pass even if I don't have Data Extraction Allowed checked. Is that supposed to be this way?

comment:10 Changed 3 years ago by gk

Cc: arthuredelstein added
Status: needs_information → needs_review

Ah, it tests only the case where data extraction is falsely allowed, never mind then. Adding Arthur into Cc for a second review.

comment:11 in reply to:  10 Changed 3 years ago by mcs

Replying to gk:

Ah, it tests only the case where data extraction is falsely allowed, never mind then. Adding Arthur into Cc for a second review.

Yes. That test page is a little quirky and not very well documented. Sorry.

comment:12 Changed 3 years ago by gk

Arthur: could you have a look at this one as well?

comment:13 Changed 3 years ago by gk

I am taking that one as well as we want to have it in the alpha (commit 916c78a0a56a38763077634cd492cfdcb2e37b81 in tor-browser-45.0.2esr-6.x-1). I leave it open, so that we get reminded that we want to have a second review before putting that patch into the stable version.

comment:14 Changed 3 years ago by arthuredelstein

Sorry I didn't manage to review this earlier. I looked over the code carefully and I ran the tests and it all looks good to me. The tests are very nice and we might consider porting them into an automated regression test. I opened a ticket in case one of us feels like working on that: #18903

comment:15 Changed 3 years ago by gk

Resolution: fixed
Status: needs_review → closed

Okay, thanks.