Opened 4 years ago

Closed 3 years ago

#16328 closed defect (fixed)

Alter/Disable MediaDevices.enumerateDevices

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff45-esr, tbb-fingerprinting, tbb-6.0a5, TorBrowserTeam201604
Cc: gk, brade, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices showed up in the Firefox developer docs for FF36, but it was disabled until FF39. We should investigate it for fingerprinting then.

Child Tickets

Change History (10)

comment:1 Changed 4 years ago by gk

Cc: gk added
Component: - Select a componentTor Browser
Owner: set to tbb-team

comment:2 Changed 4 years ago by gk

https://lists.w3.org/Archives/Public/public-privacy/2015AprJun/0080.html ff. might have some interesting background discussion.

Last edited 4 years ago by gk (previous) (diff)

comment:3 Changed 4 years ago by gk

Keywords: tbb-6.0a5 added
Severity: Normal

comment:4 Changed 4 years ago by gk

Keywords: TorBrowserTeam201604 added

We want that for the alpha and the ESR 45 stable series.

comment:5 Changed 4 years ago by mcs

Cc: brade mcs added

One stop-gap measure would be to disable this feature via pref. It looks like everything is controlled by the Navigator::HasUserMediaSupport() function whose implementation is:

  return Preferences::GetBool("media.navigator.enabled", false) ||
         Preferences::GetBool("media.peerconnection.enabled", false);

so we could set media.navigator.enabled=false (we already set media.peerconnection.enabled=false).

comment:6 Changed 4 years ago by gk

Yes, that's true and I guess much less involved than allowing that "feature" but neutering its tracking/fingerprinting potential.

However, it seems to me we might not need to do anything here. Testing with

navigator.mediaDevices.enumerateDevices()
.then(function(devices) {
devices.forEach(function(device) {
console.log(device.kind + ": " + device.label +
" id = " + device.deviceId);
});
})
.catch(function(err) {
console.log(err.name + ": " + err.message);
});

it showed devices with a vanilla Firefox 45. But with a Tor Browser based on ESR 45 I just get

TypeError: navigator.mediaDevices is undefined

This might be due to our not compiling WebRTC in?

comment:7 in reply to:  6 Changed 4 years ago by mcs

Replying to gk:

This might be due to our not compiling WebRTC in?

Yes. A bunch of pref values are omitted when WebRTC is not compiled. See:
http://mxr.mozilla.org/mozilla-esr45/source/modules/libpref/init/all.js#363

comment:8 in reply to:  5 ; Changed 3 years ago by gk

Status: newneeds_review

Replying to mcs:

One stop-gap measure would be to disable this feature via pref. It looks like everything is controlled by the Navigator::HasUserMediaSupport() function whose implementation is:

  return Preferences::GetBool("media.navigator.enabled", false) ||
         Preferences::GetBool("media.peerconnection.enabled", false);

so we could set media.navigator.enabled=false (we already set media.peerconnection.enabled=false).

Yes, correct. bug_16328 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16328) has that fix for review.

comment:9 in reply to:  8 Changed 3 years ago by mcs

Replying to gk:

Yes, correct. bug_16328 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16328) has that fix for review.

r=brade, r=mcs

comment:10 Changed 3 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Commit 659e0bdad18e5f4550cb7de8b4248354af5870c9 on tor-browser-45.0.2esr-6.x-1 has it, thanks.

Note: See TracTickets for help on using tickets.