Opened 8 years ago

Closed 3 years ago

Last modified 4 months ago

#5293 closed task (fixed)

Neuter fingerprinting with Battery API

Reported by: mikeperry Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, ff52-esr-will-have
Cc: gk, erinn, Sebastian, mikeperry, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Firefox 10 added a battery API that is off by default:
https://developer.mozilla.org/en/DOM/window.navigator.mozBattery

Battery properties such as exact capacity, charge rate, and drain rate can provide fingerprinting information.

It looks like the current API does not provide exact capacity, but charge rate and drain rates can be calculated. Probably not a big deal, but it should be trivial to obfuscate/discretize with Object.defineProperty if we need to.

Child Tickets

Change History (15)

comment:1 Changed 8 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 8 years ago by mikeperry

Milestone: TorBrowserBundle 2.3.x-stableTorBrowserBundle 2.2.x-stable
Priority: normalmajor
Summary: Keep an eye on Battery APIHook charging+discharching rates in Battery API

Wow that was fast. On by default in Firefox 11 already.

Looks like they gave us a good option for concealing charging time: "Returns positive infinity, if the battery is discharging or if the implementation is unable report the remaining charging time."

So we should probably just always return that for chargingTime and -infinity for dischargingTime.

What the hell represents "positive infinity" in a loosely-typed language though, I wonder...

comment:3 Changed 8 years ago by rransom

Cc: erinn Sebastian added
Priority: majorblocker

How did a Firefox 11 TBB get released without this piece of malware disabled?

comment:4 Changed 8 years ago by rransom

lodger mentioned a ‘dom.battery.enabled’ setting on IRC; perhaps that could be used to turn this ‘feature’ off quickly.

comment:5 Changed 8 years ago by Sebastian

Cc: mikeperry added

It's pretty easy, mike is the firefox guy. So without new input from him we take what we have and release that. Mike should confirm any fixes.

comment:6 Changed 8 years ago by mikeperry

Priority: blockermajor

This is not even close to a blocker. It's a fingerprinting issue with very likely low amounts of entropy and the actual source of that entropy isn't even available if the battery is fully charged.

I admit it is a larger concern that there is non-uniform OS support for the feature, but that was not documented when I reviewed that API url 5 weeks ago.

Feel free to set the pref in TBB builds until someone writes the hooks (and the OS support normalizes). Don't close this ticket if you do.. Make a different one if you want to use trac to track the change.

comment:7 Changed 8 years ago by mikeperry

Keywords: tbb-fingerprinting added

comment:8 Changed 8 years ago by mikeperry

Note that this may require a patch as opposed to JS hooks unless #5857 is solved. The pref remains off, though, so no rush.

comment:9 Changed 5 years ago by erinn

Component: TorBrowserButtonTor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:10 Changed 4 years ago by gk

Cc: gk added; g.koppen@… removed
Keywords: tbb-torbutton removed
Milestone: TorBrowserBundle 2.2.x-stable
Summary: Hook charging+discharching rates in Battery APINeuter fingerprinting with Battery API

https://eprint.iacr.org/2015/616.pdf has some good information.

comment:11 Changed 4 years ago by mcs

Cc: mcs added

comment:12 Changed 3 years ago by cypherpunks

Keywords: ff52-esr-will-have added
Severity: Normal

Also

pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations

is no longer needed.

Last edited 4 months ago by cypherpunks (previous) (diff)

comment:13 Changed 3 years ago by gk

Resolution: fixed
Status: newclosed

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1.

comment:14 in reply to:  13 ; Changed 2 years ago by cypherpunks

Replying to gk:

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1.

Not removed in a clean new 7.0 stable.

comment:15 in reply to:  14 Changed 2 years ago by gk

Replying to cypherpunks:

Replying to gk:

Good idea. Removed with commit 885479878d591ce61fa573912eae4ea062dc54c6 and 886808dc4e21eef3595fa1042f792927bb898193 on tor-browser-52.1.0esr-7.0-2 and tor-browser-52.1.1esr-7.0-1.

Not removed in a clean new 7.0 stable.

Actually, that bit got removed. What is happening is that we still have code in Torbutton that is messing with the preference. I have opened #22554 to address this.

Note: See TracTickets for help on using tickets.