Opened 7 weeks ago

Last modified 7 weeks ago

#31887 new defect

maximize warning panel entropy: can reveal app locale

Reported by: Thorin
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-fingerprinting-locale
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I actually thought this had been addressed years ago (maybe it was?) but something nagged me, so I did a full test and added the PoC.

Note:

  • In #31598 when LB (letterboxing) is enabled, the warning panel is not used
  • extensions.torbutton.maximize_warnings_remaining cannot be 0
  • user has to initiate FS (I could cover the entire page with an element: but they still have to click it)
  • it only affects *some* locales, not all (but are the others robust to future changes?)
  • so effectively the risk should be fairly low, but then I can also see a lot of users disabling LB (unless we do a better job of educating them: see solutions), so the risk is higher (for those exposed)

PoC

  • https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html
  • just click on the full screen test
  • let the page load first: I had one test where the connection was a bit slow and I clicked too early, and it was all a bit laggy, and I got back 418 pixels. I could fix that by waiting a little longer to grab the second value, but not today.

Observations:

  • ja and ka are unique
  • ar, fa, ko and zh-TW create another bucket
  • mk I can't test (#31725), and ko needs to be confirmed (#31886)
  • Can we rely on previous chrome styling to remain consistent: see the ESR60 ka was 42 pixels like most other languages, but it did not migrate to 40 pixels in ESR68 like most other languages.

Beware:

  • I only tested at default 1000px width. The length of each localized message is not the same, so smaller windows (e.g. on smaller screens: are there any?) would provide more entropy, as some would invoke a second or third line and others not.
  • Similarly, if users resize the browser, some 2-liners will become one while others won't: but users should not resize the browser unless they have LBing (in which case, the warnings are disabled)

Obligatory Pic:

  • see attachment: The ESR60 based ones are for nostalgia's sake, as I upgraded my language test suite :)

Possible Solutions:

  • lock the LB pref in the future
  • make the warning panel the same height somehow: e.g. just force it to be 100px high or something.
  • ditch the panel UX (or enhance it?) and use a different medium: end-user education: I have some other ideas but no idea how feasible they are, and they tie into informing the user about LB'ing/resizing/maximizing/FS: all in one hit
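
An added example, not part of the ticket or of Tor Browser's code: a small audit that takes per-locale warning-panel heights and reports how many buckets they split into, which locales end up alone, and how that changes once a second window width is measured (the "Beware" case). The names `SAMPLE`, `bucketLocales` and `audit` are hypothetical, every pixel value is constructed, and only the bucket membership at 1000px follows the observations above.

```javascript
// Constructed measurements: locale -> { windowWidthPx: panelHeightPx }.
// Pixel values are placeholders; only the 1000px grouping mirrors the ticket
// (ja and ka alone; ar, fa, ko, zh-TW together). The 800px column is invented
// to model some messages wrapping onto a second line.
const SAMPLE = {
  "en-US": { 1000: 40, 800: 40 },
  "de":    { 1000: 40, 800: 58 },
  "fr":    { 1000: 40, 800: 58 },
  "ar":    { 1000: 41, 800: 41 },
  "fa":    { 1000: 41, 800: 41 },
  "ko":    { 1000: 41, 800: 41 },
  "zh-TW": { 1000: 41, 800: 41 },
  "ja":    { 1000: 43, 800: 43 },
  "ka":    { 1000: 42, 800: 60 },
};

// Group locales by their height signature over the chosen window widths.
// Two locales are indistinguishable only if they match at every width.
function bucketLocales(measurements, widths) {
  const buckets = new Map();
  for (const [locale, byWidth] of Object.entries(measurements)) {
    const sig = widths.map((w) => {
      if (!(w in byWidth)) throw new Error(`no ${w}px measurement for ${locale}`);
      return byWidth[w];
    }).join("/");
    if (!buckets.has(sig)) buckets.set(sig, []);
    buckets.get(sig).push(locale);
  }
  return buckets;
}

// Summarise the buckets. "bits" is Shannon entropy over the measured locales,
// each counted once (an assumption; real user populations are not uniform).
function audit(measurements, widths) {
  const buckets = bucketLocales(measurements, widths);
  const total = Object.keys(measurements).length;
  let bits = 0;
  for (const locales of buckets.values()) {
    const p = locales.length / total;
    bits -= p * Math.log2(p);
  }
  const unique = [...buckets.values()]
    .filter((b) => b.length === 1).map((b) => b[0]).sort();
  return { bucketCount: buckets.size, unique, bits };
}
```

Run against real measurements from each locale build, a change in `bucketCount` or `unique` between ESR versions shows when a styling change has split or merged buckets.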


Attachments (2)

warning-panel-spreadsheet.png (18.1 KB) - added by Thorin 7 weeks ago.
results
letterbox.png (92.1 KB) - added by Thorin 7 weeks ago.
Interestingly, with a clear LB, the panel still eats all the dimensions


Change History (3)

Changed 7 weeks ago by Thorin

results

comment:1 Changed 7 weeks ago by gk

Keywords: tbb-fingerprinting-locale added; tbb-fingerprinting removed

Changed 7 weeks ago by Thorin

Attachment: letterbox.png added

Interestingly, with a clear LB, the panel still eats all the dimensions
