Opened 5 years ago

Closed 5 years ago

#16336 closed task (fixed)

Make sure the User Timing API does not provide a new high resolution timestamp

Reported by: gk
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity:
Keywords: ff38-esr, tbb-fingerprinting-time-highres, tbb-pref, MikePerry201506
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by gk)

We should make sure that the User Timing API provides timestamps with reduced precision only. See: for its implementation.

Change History (3)

comment:1 Changed 5 years ago by gk

Description: modified (diff)

comment:2 Changed 5 years ago by mikeperry

Keywords: tbb-pref MikePerry201506 added

In fact this is a DOMHighResTimeStamp. Units are milliseconds, but resolution is at least microseconds (and even higher resolution for Mozilla Firefox, depending on CPU model).

This API also allows content to store names for timers and timestamps (in what scope? who knows.. the privacy section of the W3C spec basically just takes a shit on any privacy concerns), complicates things like #16110, and the API generally appears to be useless from a practical point of view.

I say we disable it for now, and maybe even forever. The dom.enable_user_timing pref does in fact seem to work.

comment:3 Changed 5 years ago by mikeperry

Resolution: fixed
Status: new → closed

I disabled this API via the pref for 5.0a3.
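
A check for the outcome this ticket asks for, as an added example that is not part of the ticket or of Tor Browser's code: it reports whether a page can reach the User Timing API and, if so, the smallest timestamp step its marks reveal. The stub clock, the mark name and the 0.25 ms / 100 ms figures are constructed for the demonstration, and it assumes that a disabled API shows up as missing `mark()`-family methods.

```javascript
// Added example (not Tor Browser code). Audits a Performance-like object:
// is User Timing exposed, and what is the smallest timestamp step it leaks?
function auditUserTiming(perf, samples = 2000) {
  const exposed = !!perf && ['mark', 'getEntriesByName', 'clearMarks']
    .every((m) => typeof perf[m] === 'function');
  if (!exposed) return { exposed: false, minStepMs: null };

  const name = 'ut-audit-probe'; // hypothetical mark name
  let prev = null;
  let minStep = Infinity;
  for (let i = 0; i < samples; i++) {
    perf.mark(name);
    const entries = perf.getEntriesByName(name, 'mark');
    const t = entries[entries.length - 1].startTime;
    // Only strictly positive deltas say something about clock granularity.
    if (prev !== null && t > prev) minStep = Math.min(minStep, t - prev);
    prev = t;
    perf.clearMarks(name); // do not leave named entries behind
  }
  return { exposed: true, minStepMs: Number.isFinite(minStep) ? minStep : null };
}

// Constructed stand-in for window.performance so the audit runs offline.
// Each mark() advances a fake clock by stepMs; resolutionMs > 0 rounds down.
function makeStubPerformance(stepMs, resolutionMs) {
  let ticks = 0;
  let marks = [];
  const now = () => {
    const raw = ticks++ * stepMs;
    return resolutionMs > 0 ? Math.floor(raw / resolutionMs) * resolutionMs : raw;
  };
  return {
    mark(name) { marks.push({ name, entryType: 'mark', startTime: now() }); },
    getEntriesByName(name) { return marks.filter((m) => m.name === name); },
    clearMarks(name) { marks = marks.filter((m) => m.name !== name); },
  };
}

const disabled = auditUserTiming({ now: () => 0 });            // no mark(): API off
const highRes = auditUserTiming(makeStubPerformance(0.25, 0)); // unclamped clock
const clamped = auditUserTiming(makeStubPerformance(0.25, 100));
console.log({ disabled, highRes, clamped });
```

In a browser console, call `auditUserTiming(window.performance)` instead of using the stubs; a result of `exposed: false` is what the pref change is meant to produce.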
