Opened 3 years ago

Closed 2 years ago

#19199 closed defect (duplicate)

Allow user to completely disable canvas content and related warning popup from a checkbox in TorButton's "Privacy Settings"

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability, ux-team
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Canvas-based fingerprinting is a potent threat to anonymity. I believe it does not make sense to have it potentially enabled (following a popup dialog) at elevated Security Slider settings, and even with the Security Slider on "High," and probably also on Medium-High, Medium, and potentially Medium-Low.

Fingerprintable canvas content (and its related popup) should be completely disabled when the Security Slider is at one of these elevated settings, and it should be transparent to the user. It may make sense to still present the icon in the address bar so that it can be enabled manually, on a per-site or per-page basis, if a user needs this feature.

Thank you all so much.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by gk

Parent ID: #18027
Resolution: wontfix
Status: newclosed

It's a security slider and no privacy slider. And that is on purpose. Mixing both things is not a good idea as this makes communicating the goal of the slider harder and analysis of its effect as well.

comment:2 Changed 3 years ago by bugzilla

The rationale here is: "present the icon in the address bar so that it can be enabled manually, on a per-site or per-page basis, if a user needs this feature." instead of annoying popup.

comment:3 Changed 3 years ago by cypherpunks

Resolution: wontfix
Status: closedreopened
Summary: Completely disable canvas content and related warning popup based on Security Slider settingAllow user to completely disable canvas content and related warning popup from a checkbox in TorButton's "Privacy Settings"

Thanks gk, understood. In that case, I believe that such a toggle is absolutely appropriate in the dialog area just above the Security Slider in "Privacy & Security Settings..." as an additional checkbox.

I propose that the box's description should read "Disable HTML5 Canvas content."

Further comments welcome.

Version 0, edited 3 years ago by cypherpunks (next)

comment:4 Changed 3 years ago by cypherpunks

Component: Applications/Tor BrowserApplications/Torbutton

comment:5 Changed 3 years ago by bugzilla

Component: Applications/TorbuttonApplications/Tor Browser
Keywords: privacy anonymity fingerprinting removed

Torbutton is deprecated.

comment:6 Changed 2 years ago by cypherpunks

Keywords: tbb-usability ux-team added

comment:7 Changed 2 years ago by linda

We'll take this into consideration when we're working on #23151.

comment:8 Changed 2 years ago by linda

Resolution: duplicate
Status: reopenedclosed

Relevant parent

Note: See TracTickets for help on using tickets.