WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

This is a spin-off of #30531 (moved) where it got realized that the Windows WebGL fingerprint measured e.g. by Pantopiclick is different from the Linux one(s).

added component::applications/tor browser owner::tbb-team priority::high severity::normal status::new tbb-fingerprinting tbb-fingerprinting-os type::defect labels

comment:2:ticket:30531 reported 6992168724b997c74fc89f1e4a9301ce (I guess that's a Windows 10 system?)

I got the same on a Windows 10 system inside Virtualbox. On a Windows 7 system both inside Virtualbox and on bare metal I get 224a8abee799ec6381e06293de4565f6. All three test results are collected on the same laptop.

So, it seems we have at least a fingerprint difference between major Windows versions (+ the OS difference). I wonder where this is coming from...

Trac:
Keywords: N/A deleted, tbb-fingerprinting-os added

Replying to gk:

comment:2:ticket:30531 reported 6992168724b997c74fc89f1e4a9301ce (I guess that's a Windows 10 system?) Yes, the latest. I got the same on a Windows 10 system inside Virtualbox. On every config without anti-aliasing support. On a Windows 7 system both inside Virtualbox and on bare metal I get 224a8abee799ec6381e06293de4565f6. BTW, the test gives a lot of

Error: WebGL warning: Exceeded 16 live WebGL contexts for this principal, losing the least recently used one.

So, it seems we have at least a fingerprint difference between major Windows versions (+ the OS difference). I wonder where this is coming from... What is your renderer on Win 7? I got the same results on Software Adapter Direct3D11 vs_5_0 ps_5_0.

FWIW:

Win 7 64bit (bare metal) just 8.5a12 64bit

• 224a8abee799ec6381e06293de4565f6
• 2x Error: WebGL warning: Exceeded 16 live WebGL contexts...

Win 7 32bit (VM)

• 224a8abee799ec6381e06293de4565f6
• 17x Error: WebGL warning: Disallowing antialiased backbuffers due to blacklisting
• then 1x Error: WebGL warning: Exceeded 16 live WebGL contexts...
• then 1x Error: WebGL warning: Disallowing antialiased backbuffers...
• repeat the last two lines about a dozen times

Win10 64bit (VM) 8.5.a12 64bit & 32bit

• 6992168724b997c74fc89f1e4a9301ce
• a plethora of errors

---

Please advise: I was going to open another ticket when I had done some more testing, but readPixels is not covered by RFP (see https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests [1], on windows I get entropy. Not sure if unique or just OS.

• Windows 7 32bit 2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c
• Windows 7 64bit ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3
• Windows10 64bit c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25

It seems to be consistent on Linux, and Mac i have no idea: here's some data

• Mint Cinnamon 32/64bit not supported
• Ubuntu GNOME 5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329
• Debian GNOME 5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329
• Mac 10.14 96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210

So besides windows OS entropy, theres at least two buckets for Linux?

[1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#canvas

Replying to Thorin:

[snip]

Please advise: I was going to open another ticket when I had done some more testing, but readPixels is not covered by RFP (see https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests [1], on windows I get entropy. Not sure if unique or just OS.

Yes, could you please open another ticket for the readPixels issue? I wonder what version you tested with in https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7. Given that it is from a month ago and we did not change anything substantially for a while now regarding our WebGL fingerprinting behavior that's a bit puzzling (we removed WebGL only as click-to-play from default Tor Browser mode).

• Windows 7 32bit 2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c
• Windows 7 64bit ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3
• Windows10 64bit c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25

It seems to be consistent on Linux, and Mac i have no idea: here's some data

• Mint Cinnamon 32/64bit not supported
• Ubuntu GNOME 5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329
• Debian GNOME 5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329
• Mac 10.14 96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210

Interestingly, I get your macOS one on one of my Linux boxes.

I wonder what version you tested with in ​https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7

I now realize this is to do with this ticket, not the new readPIxels one. That was 8.5a10, which I just retested, and I now get 224a8abee799ec6381e06293de4565f6 - so it's a panopticlick code change

Replying to cypherpunks:

Replying to gk:

comment:2:ticket:30531 reported 6992168724b997c74fc89f1e4a9301ce (I guess that's a Windows 10 system?) Yes, the latest. I got the same on a Windows 10 system inside Virtualbox. On every config without anti-aliasing support. On a Windows 7 system both inside Virtualbox and on bare metal I get 224a8abee799ec6381e06293de4565f6. And on the same Windows 10 system with hardware-accelerated renderer. (Although, it has ADVANCED_LAYERS broken by env: Failed to render sanity test.)

Replying to cypherpunks:

Replying to gk:

[snip]

So, it seems we have at least a fingerprint difference between major Windows versions (+ the OS difference). I wonder where this is coming from... What is your renderer on Win 7? I got the same results on Software Adapter Direct3D11 vs_5_0 ps_5_0.

Where did you find that string? If on about:support what's the attribute I've to check?

o_0 WebGL 1 Driver Renderer obviously.

Replying to cypherpunks:

o_0 WebGL 1 Driver Renderer obviously.

ANGLE (ATI Mobility Radeon HD 5650 Direct3D11 vs_5_0 ps_5_0) is shown for the bare metal Windows 7 version ANGLE (Software Adapter Direct3D11 vs_5_0 ps_5_0) is shown for the Windows 7 VM ANGLE (Microsoft Basic Render Driver Direct3D11 vs_5_0 ps_5_0) is shown for the Windows 10 VM

(all three of them are on the same laptop)

So, that's due to Firefox doesn't recognize Win 10 renderer:

D3D11_COMPOSITING Blocklisted; failure code BLOCKLIST_FEATURE_FAILURE_UNKNOWN_DEVICE_VENDOR

that changes the fingerprint and triggers:

Error: WebGL warning: Disallowing antialiased backbuffers due to blacklisting.  canvas.js:180:11

Forcing MSAA fixes that error, but doesn't change the fingerprint.

Replying to cypherpunks:

So, that's due to Firefox doesn't recognize Win 10 renderer: {{{ D3D11_COMPOSITING Blocklisted; failure code BLOCKLIST_FEATURE_FAILURE_UNKNOWN_DEVICE_VENDOR }}} https://hg.mozilla.org/mozilla-central/file/06ee65d8ccdef77673ccc43098525565a11ce370/widget/windows/GfxInfo.cpp#l1415 Microsoft Basic Render Driver is a system device, therefore it doesn't have VendorID. Vendor lock by Mozilla. What a shame! that changes the fingerprint and triggers: {{{ Error: WebGL warning: Disallowing antialiased backbuffers due to blacklisting. canvas.js:180:11 }}} There is a strong opinion to disable it everywhere: https://bugzilla.mozilla.org/show_bug.cgi?id=809550 Forcing MSAA fixes that error, but doesn't change the fingerprint. Bad Mozilla. You need two: "To force-enable WebGL, go to about:config and set webgl.force-enabled=true. To force-enable WebGL anti-aliasing, go to about:config and set webgl.msaa-force=true." https://wiki.mozilla.org/Blocklisting/Blocked_Graphics_Drivers#How_to_force-enable_blocked_graphics_features to finally get 224a8abee799ec6381e06293de4565f6.

Related issues (still not fixed): https://bugzilla.mozilla.org/show_bug.cgi?id=1429587 https://bugzilla.mozilla.org/show_bug.cgi?id=1383295 https://bugzilla.mozilla.org/show_bug.cgi?id=1419111

moved to tpo/applications/tor-browser#30537