Opened 4 years ago

Last modified 4 years ago

#18195 new enhancement

Add a flag to identify Tor Browser in JS

Reported by: pento Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: gary@…, brade, mcs, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When Tor Browser visits a WordPress site, they'll see canvas image data warning, as WordPress tries to detect if the current browser is capable of rendering emoji.

We can disable this test in Tor Browser, but we need a consistent method for testing that we're definitely in the Tor Browser. I don't believe such a flag would present a privacy issue, as it's already possible to detect if the user is coming from a Tor exit node with the Tor Browser's UA, but this method doesn't lend itself to WordPress' needs.

See further discussion on the WordPress ticket: https://core.trac.wordpress.org/ticket/32138

Child Tickets

Change History (9)

comment:1 Changed 4 years ago by pento

Cc: gary@… added

comment:2 Changed 4 years ago by cypherpunks

I think we need an RFC for an API to get browsers' capabilities.

comment:3 Changed 4 years ago by bugzilla

Do you need emoji detection or TB in user-agent?

comment:4 Changed 4 years ago by pento

Tor Browser in UA would be ideal.

We've found that browser support for emoji is inconsistent, even when the browser claims to render emoji. It's easier for everyone involved to just disable this test in Tor Browser.

comment:5 Changed 4 years ago by mcs

Cc: brade gk added

Thank you for filing this ticket. I think this explains a lot of use of the canvas getImageData() method on websites where we (the Tor Browser developers) would not expect to see it used. I found this article that explains the technique a little:

http://crocodillon.com/blog/parsing-emoji-unicode-in-javascript

(it relies on the fact that the canvas fillText() method apparently renders nothing for characters that it cannot display).

If WordPress detects that Tor Browser is in use, will you assume there is no native emoji support in the browser? It would be nice if there was a better solution.

comment:6 Changed 4 years ago by mcs

Cc: mcs added

comment:7 Changed 4 years ago by cypherpunks

There is no need for using canvas. Rendered font metrics can be detected via Javascript or CSS. So placeholders can be detected that way.

TBB is not the only canvas-blocking browser. There are generic browser addons that block canvas reading on non-TBB browsers.

comment:8 in reply to:  5 Changed 4 years ago by pento

Replying to mcs:

If WordPress detects that Tor Browser is in use, will you assume there is no native emoji support in the browser? It would be nice if there was a better solution.

That would be the plan. I'm also open to assuming that there's complete native support (Firefox's emoji support is actually pretty good, so it wouldn't be a terrible UX).

Replying to cypherpunks:

There is no need for using canvas. Rendered font metrics can be detected via Javascript or CSS.

I'm not aware of such a technique that works for detecting correct emoji rendering. Do you have a link, or example code?

comment:9 Changed 4 years ago by pento

Hey folks, is there any update on if this would be possible?

Note: See TracTickets for help on using tickets.