Neuter fingerprinting with Battery API

Firefox 10 added a battery API that is off by default: https://developer.mozilla.org/en/DOM/window.navigator.mozBattery

Battery properties such as exact capacity, charge rate, and drain rate can provide fingerprinting information.

It looks like the current API does not provide exact capacity, but charge rate and drain rates can be calculated. Probably not a big deal, but it should be trivial to obfuscate/discretize with Object.defineProperty if we need to.

added component::applications/tor browser ff52-esr-will-have owner::tbb-team priority::high resolution::fixed severity::normal status::closed tbb-fingerprinting type::task labels

Trac:
Cc: N/A to g.koppen@jondos.de

Wow that was fast. On by default in Firefox 11 already.

Looks like they gave us a good option for concealing charging time: "Returns positive infinity, if the battery is discharging or if the implementation is unable report the remaining charging time."

So we should probably just always return that for chargingTime and -infinity for dischargingTime.

What the hell represents "positive infinity" in a loosely-typed language though, I wonder...

Trac:
Milestone: TorBrowserBundle 2.3.x-stable to TorBrowserBundle 2.2.x-stable
Priority: normal to major
Summary: Keep an eye on Battery API to Hook charging+discharching rates in Battery API

How did a Firefox 11 TBB get released without this piece of malware disabled?

Trac:
Cc: g.koppen@jondos.de to g.koppen@jondos.de, erinn, Sebastian
Priority: major to blocker

lodger mentioned a ‘dom.battery.enabled’ setting on IRC; perhaps that could be used to turn this ‘feature’ off quickly.

It's pretty easy, mike is the firefox guy. So without new input from him we take what we have and release that. Mike should confirm any fixes.

Trac:
Cc: g.koppen@jondos.de, erinn, Sebastian to g.koppen@jondos.de, erinn, Sebastian, mikeperry

This is not even close to a blocker. It's a fingerprinting issue with very likely low amounts of entropy and the actual source of that entropy isn't even available if the battery is fully charged.

I admit it is a larger concern that there is non-uniform OS support for the feature, but that was not documented when I reviewed that API url 5 weeks ago.

Feel free to set the pref in TBB builds until someone writes the hooks (and the OS support normalizes). Don't close this ticket if you do.. Make a different one if you want to use trac to track the change.

Trac:
Priority: blocker to major

Trac:
Keywords: N/A deleted, tbb-fingerprinting added

Note that this may require a patch as opposed to JS hooks unless #5857 (closed) is solved. The pref remains off, though, so no rush.

Trac:
Owner: mikeperry to tbb-team
Keywords: N/A deleted, tbb-torbutton added
Component: TorBrowserButton to Tor Browser

https://eprint.iacr.org/2015/616.pdf has some good information.

Trac:
Summary: Hook charging+discharching rates in Battery API to Neuter fingerprinting with Battery API
Milestone: TorBrowserBundle 2.2.x-stable to N/A
Cc: g.koppen@jondos.de, erinn, Sebastian, mikeperry to gk, erinn, Sebastian, mikeperry
Keywords: tbb-torbutton deleted, N/A added

Trac:
Cc: gk, erinn, Sebastian, mikeperry to gk, erinn, Sebastian, mikeperry, mcs

Also

pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations

is no longer needed.

Trac:
Keywords: N/A deleted, ff52-esr-will-have added
Reviewer: N/A to N/A
Sponsor: N/A to N/A
Severity: N/A to Normal

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1.

Trac:
Resolution: N/A to fixed
Status: new to closed

Replying to gk:

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1. Not removed in a clean new 7.0 stable.

Replying to cypherpunks:

Replying to gk:

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1. Not removed in a clean new 7.0 stable.

Actually, that bit got removed. What is happening is that we still have code in Torbutton that is messing with the preference. I have opened #22554 (moved) to address this.

closed

mentioned in issue #5404 (closed)

mentioned in issue #5857 (closed)

mentioned in issue #7006 (closed)