Opened 3 years ago

Last modified 2 years ago

#18946 new defect

Investigate fingerprinting potential of lack of H.264 support

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, TorBrowserTeam201605
Cc: mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On Linux H.264 is enabled as long as ffmpeg is available. This might be a fingerprinting vector. We should investigate whether this is actually the case.

Child Tickets

Change History (10)

comment:1 Changed 3 years ago by gk

Keywords: TorBrowserTeam201605 added

Dragging into May to have it on our 6.0 radar.

comment:2 Changed 3 years ago by cypherpunks

Keywords: TorBrowserTeam201605 removed

A lot of Tor Browser users want H.264 support and don't mind if the 'cost' of it is revealing them to be wisely using Linux. In any case, it should be a choice.

comment:3 Changed 3 years ago by cypherpunks

Keywords: TorBrowserTeam201605 added

comment:4 Changed 3 years ago by cypherpunks

"Enable H.264 video for this site/URL bar domain?", cleared on new identity.

comment:5 Changed 3 years ago by arthuredelstein

One option might be to bundle H.264 support. Tor Browser is not currently attempting to hide Linux vs OS X vs Windows.

comment:6 in reply to:  5 Changed 3 years ago by cypherpunks

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:7 Changed 3 years ago by cypherpunks

If we keep saying this, isn't it going to make it harder in the future if Tor Project decides to distinguish OSes? (to me this looks likely)

By the way: someone on cypherpunks keep deleting this post

comment:8 in reply to:  7 Changed 3 years ago by arthuredelstein

Replying to cypherpunks:

If we keep saying this, isn't it going to make it harder in the future if Tor Project decides to distinguish OSes? (to me this looks likely)

It's a valid concern. From my viewpoint, the benefits of making different platforms indistinguishable are outweighed by the costs of damaged usability and the huge effort required, particularly as there are a number of other things we still need to do with higher priority. But I am open to being persuaded otherwise.

By the way: someone on cypherpunks keep deleting this post

Someone may have deleted your comment because it's somewhat off topic. I would suggest bringing the topic up in the tbb-dev mailing list instead, where I would be happy to discuss it further.

comment:9 Changed 3 years ago by gk

Keywords: ff45-esr removed

No particular ESR45 item (anymore).

comment:10 in reply to:  5 Changed 2 years ago by cypherpunks

Summary: Investigate fingerprinting potential of enabling H.264 on LinuxInvestigate fingerprinting potential of lack of H.264 support

Replying to arthuredelstein:

One option might be to bundle H.264 support.

Good idea. Most modern browsers support it http://html5test.com/compare/feature/video.codecs.mp4.h264.html
And it also makes https://www.youtube.com/html5 happy.
Not only Linux affected.
Built-in support is much more better, than relying on systems' backends and 3rd-party codecs.

Note: See TracTickets for help on using tickets.