Opened 2 years ago

Last modified 6 months ago

#18599 assigned task

Make sure OffScreenCanvas API does not render moot our canvas fingerprinting protection

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, GeorgKoppen201705, TorBrowserTeam201711, ff60-esr
Cc: brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor4

Description

There is a new OffScreenCanvas API that allows running WebGL in web workers (e.g.). This is currently preffed of (ESR45) (gfx.offscreencanvas.enabled is set to false). But this sounds scary enough that we want to make sure that

a) preffing off the feature renders it really unusable (we should do this for esr45)

and

b) if it is preffed on our canvas fingerprinting protections are not harmed (can be checked when we transtions to an esr with this feature enabled).

Child Tickets

Change History (23)

comment:1 Changed 2 years ago by gk

Keywords: tbb-6.0a5 added

comment:2 Changed 2 years ago by mcs

Owner: changed from tbb-team to mcs
Status: newaccepted

Taking ownership of some ff45-esr tickets.

comment:3 Changed 2 years ago by mcs

Cc: brade added

comment:4 Changed 2 years ago by mcs

Kathy and I reviewed the implementation of this feature and also ran some manual tests. We are convinced that this feature is fully disabled by the gfx.offscreencanvas.enabled = false setting, so we should be OK for ESR45. I suggest changing the keywords field on this ticket to ff52-esr.

It is also worth noting that Mozilla's automated tests for offscreen canvas are in dom/canvas/test/test_offscreencanvas*.html but they always set gfx.offscreencanvas.enabled = true.

comment:5 Changed 2 years ago by gk

Keywords: ff52-esr added; ff45-esr tbb-6.0a5 removed
Owner: changed from mcs to tbb-team
Status: acceptedassigned

Thanks, doing so.

comment:6 Changed 17 months ago by gk

Remaining things for offscreen canvas got implemented: https://bugzilla.mozilla.org/show_bug.cgi?id=1172796. That feature is still behind a pref and disabled but we should make sure that the new things are respecting it as well.

comment:7 Changed 17 months ago by gk

Sponsor: Sponsor4

comment:8 Changed 15 months ago by gk

Keywords: tbb-7.0-must added

Adding tickets to our 7.0 ticket list

comment:9 Changed 15 months ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting more tickets on our alpha radar.

comment:10 Changed 15 months ago by gk

Priority: MediumHigh

Moving the investigation tickets to higher priority.

comment:11 Changed 15 months ago by arthuredelstein

Keywords: tbb-fingerprinting added

comment:12 Changed 15 months ago by gk

Keywords: TorBrowserTeam201705 added

Moving more tickets on our May 2015 radar.

comment:13 Changed 14 months ago by gk

Keywords: tbb-7.0-must added; tbb-7.0-must-alpha removed

We are beyond the alpha testing. Moving tickets for tbb-7.0-must.

comment:14 Changed 14 months ago by gk

Keywords: GeorgKoppen201705 added
Owner: changed from tbb-team to gk

comment:15 Changed 14 months ago by gk

Keywords: ff59-esr added; ff52-esr tbb-7.0-must removed
Owner: changed from gk to tbb-team

Looking over the changes in https://bugzilla.mozilla.org/show_bug.cgi?id=1172796 I think they still adhere to the preference being disabled in ESR52. Thus, we can move the real work in determining the fingerprinting issues at least to ff59-esr.

comment:16 Changed 14 months ago by gk

Keywords: TorBrowserTeam201706 added; TorBrowserTeam201705 removed

Moving our tickets to June.

comment:17 Changed 13 months ago by gk

Keywords: TorBrowserTeam201707 added; TorBrowserTeam201706 removed

Moving Tickets to July 2017.

comment:18 Changed 12 months ago by gk

Keywords: TorBrowserTeam201708 added; TorBrowserTeam201707 removed

Moving our Tickets to August.

comment:19 Changed 11 months ago by gk

Keywords: TorBrowserTeam201709 added; TorBrowserTeam201708 removed

Items for September 2017.

comment:20 Changed 10 months ago by gk

Keywords: TorBrowserTeam201710 added; TorBrowserTeam201709 removed

Items for October 2017

comment:21 Changed 8 months ago by gk

Keywords: TorBrowserTeam201711 added; TorBrowserTeam201710 removed

Moving tickets over to November.

comment:23 Changed 6 months ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

Note: See TracTickets for help on using tickets.