Review WebGL2 spec for fingerprinting issues

WebGL2 is available in FF38, but is off by default via a pref (webgl.enable-prototype-webgl2). I imagine it is likely it will be finalized by FF45, so we should review the spec by then.

Here's the spec: https://www.khronos.org/registry/webgl/specs/latest/2.0/

This URL also proved useful in the past: https://www.browserleaks.com/webgl

See also #16005 (moved) and #13022 (moved).

added GeorgKoppen201705 TorBrowserTeam201705R component::applications/tor browser ff52-esr owner::gk priority::high resolution::fixed severity::normal sponsor:: status::closed tbb-7.0-must tbb-fingerprinting type::defect labels

Trac:
Cc: N/A to gk

Still off by default in esr45, moving into ff52-esr land.

Trac:
Reviewer: N/A to N/A
Sponsor: N/A to None
Severity: N/A to Normal
Keywords: ff45-esr deleted, ff52-esr added

This is on since Firefox 51 and could be pretty invasive.

Trac:
Keywords: N/A deleted, TorBrowserTeam201703, tbb-7.0-must added

Moving tickets over to April

Trac:
Keywords: TorBrowserTeam201703 deleted, TorBrowserTeam201704 added

Trac:
Keywords: N/A deleted, GeorgKoppen201704 added

Getting more tickets on our alpha radar.

Trac:
Keywords: tbb-7.0-must deleted, tbb-7.0-must-alpha added

Moving the investigation tickets to higher priority.

Trac:
Priority: Medium to High

Dropping "pref("webgl.dxgl.enabled", true);" here to not forget it (esr52 diff).

Moving our tickets to May 2017.

Trac:
Keywords: TorBrowserTeam201704 deleted, TorBrowserTeam201705 added

Moving my tickets to May.

Trac:
Keywords: GeorgKoppen201704 deleted, GeorgKoppen201705 added

We are beyond the alpha testing. Moving tickets for tbb-7.0-must.

Trac:
Keywords: tbb-7.0-must-alpha deleted, tbb-7.0-must added

Trac:
Status: new to assigned
Owner: tbb-team to gk

https://browserleaks.com/webgl has WebGL2 values as well and there are a bunch of them that are different on different platforms/computers ("3.7.2 Setting and getting state" has a good overview of what information is made available with the new WebGL version).

One thing we could do is trying to determine whether we want to bind at least some of those values to our modified minimal mode as well (see #16005 (moved)). But for the time being (i.e. for preparing a 7.0 release) disabling WebGL2 seems to be the best solution. This is done by flipping webgl.enable-webgl2 to false.

See bug_16404 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16404&id=746c4951890769f50bbec2c73193ab31c169b7c2) for that patch. I opened #22333 (moved) for thinking harder about a possible middle-ground between disabling WebGL2 and getting the full fingerprinting flavor.

Trac:
Keywords: TorBrowserTeam201705 deleted, TorBrowserTeam201705R added
Status: assigned to needs_review

r=mcs This looks good to me.

Applied to tor-browser-52.1.1esr-7.0-1and tor-browser-52.1.0esr-7.0-2 (commit b9bff8b465284d1ad0a95ca19e2318b4e200f63f and 2931426f6f8f2541ca6e5b43c62a61ab8bc9eec4).

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

closed

mentioned in issue #19048 (moved)

mentioned in issue #22333 (moved)

moved to tpo/applications/tor-browser#16404 (closed)