Alter/Disable MediaDevices.enumerateDevices

https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices showed up in the Firefox developer docs for FF36, but it was disabled until FF39. We should investigate it for fingerprinting then.

added TorBrowserTeam201604 component::applications/tor browser ff45-esr owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-6.0a5 tbb-fingerprinting type::defect labels

Trac:
Component: - Select a component to Tor Browser
Owner: N/A to tbb-team
Cc: N/A to gk

https://lists.w3.org/Archives/Public/public-privacy/2015AprJun/0080.html ff. might have some interesting background discussion.

https://bugzilla.mozilla.org/show_bug.cgi?id=1046245 https://bugzilla.mozilla.org/show_bug.cgi?id=1033885

are the Mozilla bugs.

Trac:
Severity: N/A to Normal
Reviewer: N/A to N/A
Keywords: N/A deleted, tbb-6.0a5 added
Sponsor: N/A to N/A

We want that for the alpha and the ESR 45 stable series.

Trac:
Keywords: N/A deleted, TorBrowserTeam201604 added

One stop-gap measure would be to disable this feature via pref. It looks like everything is controlled by the Navigator::HasUserMediaSupport() function whose implementation is:

  return Preferences::GetBool("media.navigator.enabled", false) ||
         Preferences::GetBool("media.peerconnection.enabled", false);

so we could set media.navigator.enabled=false (we already set media.peerconnection.enabled=false).

Trac:
Cc: gk to gk, brade, mcs

Yes, that's true and I guess much less involved than allowing that "feature" but neutering its tracking/fingerprinting potential.

However, it seems to me we might not need to do anything here. Testing with

navigator.mediaDevices.enumerateDevices()
.then(function(devices) {
devices.forEach(function(device) {
console.log(device.kind + ": " + device.label +
" id = " + device.deviceId);
});
})
.catch(function(err) {
console.log(err.name + ": " + err.message);
});

it showed devices with a vanilla Firefox 45. But with a Tor Browser based on ESR 45 I just get

TypeError: navigator.mediaDevices is undefined

This might be due to our not compiling WebRTC in?

Replying to gk:

This might be due to our not compiling WebRTC in?

Yes. A bunch of pref values are omitted when WebRTC is not compiled. See: http://mxr.mozilla.org/mozilla-esr45/source/modules/libpref/init/all.js#363

Replying to mcs:

One stop-gap measure would be to disable this feature via pref. It looks like everything is controlled by the Navigator::HasUserMediaSupport() function whose implementation is: {{{ return Preferences::GetBool("media.navigator.enabled", false) || Preferences::GetBool("media.peerconnection.enabled", false); }}} so we could set media.navigator.enabled=false (we already set media.peerconnection.enabled=false).

Yes, correct. bug_16328 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16328) has that fix for review.

Trac:
Status: new to needs_review

Replying to gk:

Yes, correct. bug_16328 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16328) has that fix for review.

r=brade, r=mcs

Commit 659e0bdad18e5f4550cb7de8b4248354af5870c9 on tor-browser-45.0.2esr-6.x-1 has it, thanks.

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

closed

moved to tpo/applications/tor-browser#16328 (closed)