Opened 4 years ago

Closed 2 years ago

#16404 closed defect (fixed)

Review WebGL2 spec for fingerprinting issues

Reported by: mikeperry Owned by: gk
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-fingerprinting, TorBrowserTeam201705R, GeorgKoppen201705, tbb-7.0-must
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor: None

Description

WebGL2 is available in FF38, but is off by default via a pref (webgl.enable-prototype-webgl2). I imagine it is likely it will be finalized by FF45, so we should review the spec by then.

Here's the spec:
https://www.khronos.org/registry/webgl/specs/latest/2.0/

This URL also proved useful in the past:
https://www.browserleaks.com/webgl

See also #16005 and #13022.

Child Tickets

Change History (15)

comment:1 Changed 4 years ago by gk

Cc: gk added

comment:2 Changed 4 years ago by gk

Keywords: ff52-esr added; ff45-esr removed
Severity: Normal
Sponsor: None

Still off by default in esr45, moving into ff52-esr land.

comment:3 Changed 3 years ago by gk

Keywords: tbb-7.0-must TorBrowserTeam201703 added

This is on since Firefox 51 and could be pretty invasive.

comment:4 Changed 3 years ago by gk

Keywords: TorBrowserTeam201704 added; TorBrowserTeam201703 removed

Moving tickets over to April

comment:5 Changed 2 years ago by gk

Keywords: GeorgKoppen201704 added

comment:6 Changed 2 years ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting more tickets on our alpha radar.

comment:7 Changed 2 years ago by gk

Priority: MediumHigh

Moving the investigation tickets to higher priority.

comment:8 Changed 2 years ago by gk

Dropping "pref("webgl.dxgl.enabled", true);" here to not forget it (esr52 diff).

comment:9 Changed 2 years ago by gk

Keywords: TorBrowserTeam201705 added; TorBrowserTeam201704 removed

Moving our tickets to May 2017.

comment:10 Changed 2 years ago by gk

Keywords: GeorgKoppen201705 added; GeorgKoppen201704 removed

Moving my tickets to May.

comment:11 Changed 2 years ago by gk

Keywords: tbb-7.0-must added; tbb-7.0-must-alpha removed

We are beyond the alpha testing. Moving tickets for tbb-7.0-must.

comment:12 Changed 2 years ago by gk

Owner: changed from tbb-team to gk
Status: newassigned

comment:13 Changed 2 years ago by gk

Keywords: TorBrowserTeam201705R added; TorBrowserTeam201705 removed
Status: assignedneeds_review

https://browserleaks.com/webgl has WebGL2 values as well and there are a bunch of them that are different on different platforms/computers ("3.7.2 Setting and getting state" has a good overview of what information is made available with the new WebGL version).

One thing we could do is trying to determine whether we want to bind at least some of those values to our modified minimal mode as well (see #16005). But for the time being (i.e. for preparing a 7.0 release) disabling WebGL2 seems to be the best solution. This is done by flipping webgl.enable-webgl2 to false.

See bug_16404 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_16404&id=746c4951890769f50bbec2c73193ab31c169b7c2) for that patch. I opened #22333 for thinking harder about a possible middle-ground between disabling WebGL2 and getting the full fingerprinting flavor.

comment:14 Changed 2 years ago by mcs

r=mcs
This looks good to me.

comment:15 Changed 2 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Applied to tor-browser-52.1.1esr-7.0-1and tor-browser-52.1.0esr-7.0-2 (commit b9bff8b465284d1ad0a95ca19e2318b4e200f63f and 2931426f6f8f2541ca6e5b43c62a61ab8bc9eec4).

Note: See TracTickets for help on using tickets.