MouseEvent, WheelEvent, and DragEvent may reveal properties of the connected pointing device. Let's examine if we can suppress some of this fingerprintability.
MouseEvent.mozInputSource is designed to report the type of pointing device being used. Maybe we should always spoof this to MouseEvent.MOZ_SOURCE_MOUSE?
MouseEvent.buttons reports if the user is using a mouse with unusual buttons ("Browser Forward", "Browser Back"). Suppress all but left, right, middle buttons?
MouseEvent.movementX/Y: Are these movements quantized in a hardware-dependent manner?
MouseEvent.mozPressure: Do we want to reveal that the user is using a touch-sensitive pointing device?
WheelEvent.deltaX/deltaY/deltaZ: Are these quantized in a hardware-dependent way?
WheelEvent.deltaWheel: Is this value determined by hardware or platform?
(I don't see any additional potential problems for DragEvent).
Trac: Description: MouseEvent, MouseWheelEvent, WheelEvent, and DragEvent may reveal properties of the connected pointing device. Let's examine if we can suppress some of this fingerprintability.
to
MouseEvent, WheelEvent, and DragEvent may reveal properties of the connected pointing device. Let's examine if we can suppress some of this fingerprintability.
MouseEvent.which and MouseEvent.metaKey could reveal hardware-specific buttons like ö
WheelEvent.deltaY and WheelEvent.deltaZ could reveal hardware because not every device has them.
Not revealing the pointing device at all is difficult if the movement can be tracked. Touchscreens jump, mice move, pen tablets move or jump, and touchpads and balls move, stop, move. x/y could only be revealed if the cursor isn't moving, but I don't know if this could be circumvented with tons of hidden mouseover events.
This threat could be reduced if we disabled some of this functionality via the security slider.
I hear this kind of argument more often recently. Keep in mind that this slider is a security slider not a privacy slider on purpose. I think we should give the best privacy protections we can to all users independent of the security level they've chosen.
Please make sure the mouse functionality still works.
I.e. the back/forward buttons result in the proper browser navigation. The web page doesn't need to see the mouse events for that. One possibility would be to emulate Alt+ behavior.
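The filtering proposed in the comments above (always report MOZ_SOURCE_MOUSE, expose only the left, right and middle buttons, keep back/forward navigation working without showing those events to the page), modelled on plain objects. This is an added example, not Tor Browser or Firefox code; `filterPointerEvent`, the `browserAction` field, navigating on button release and zeroing `mozPressure` are assumptions of the sketch.

```javascript
// Added illustration: a plain-object model of the filtering discussed in this
// ticket. Not Tor Browser or Firefox code; all function names are hypothetical.
const MOZ_SOURCE_MOUSE = 1;            // value of MouseEvent.MOZ_SOURCE_MOUSE
const PAGE_BUTTONS_MASK = 1 | 2 | 4;   // MouseEvent.buttons bits: left, right, middle
const NAV_BUTTONS = { 3: "back", 4: "forward" }; // MouseEvent.button values

// Takes raw event fields and returns what content may see (pageEvent, or null
// when the event is withheld) plus what the browser should do on its own.
function filterPointerEvent(raw) {
  const isPress = raw.type === "mousedown" || raw.type === "mouseup";
  if (isPress && raw.button in NAV_BUTTONS) {
    // Extra buttons still navigate, but content never learns the device has
    // them. Assumption of this model: navigation happens on button release.
    const action = raw.type === "mouseup" ? NAV_BUTTONS[raw.button] : null;
    return { pageEvent: null, browserAction: action };
  }
  const pageEvent = {
    ...raw,
    // A held extra button must not leak through the bitmask of other events
    // (e.g. a mousemove while "Browser Back" is down).
    buttons: raw.buttons & PAGE_BUTTONS_MASK,
    mozInputSource: MOZ_SOURCE_MOUSE,  // always claim an ordinary mouse
    mozPressure: 0,                    // assumption: hide pressure-capable hardware
  };
  return { pageEvent, browserAction: null };
}

// Constructed sample events (not captured from a real device).
const samples = [
  { type: "mousemove", button: 0, buttons: 8 | 1, mozInputSource: 5, mozPressure: 0.4 },
  { type: "mousedown", button: 3, buttons: 8, mozInputSource: 1, mozPressure: 0 },
  { type: "mouseup", button: 3, buttons: 0, mozInputSource: 1, mozPressure: 0 },
  { type: "mousedown", button: 1, buttons: 4, mozInputSource: 2, mozPressure: 0.7 },
];
for (const s of samples) {
  console.log(s.type, s.button, JSON.stringify(filterPointerEvent(s)));
}
```

The movement and wheel-delta quantization questions raised in the ticket are not addressed by this model.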