Security/Fingerprinting
< Security
Jump to navigation
Jump to search
Cross-Origin Fingerprinting Unlinkability
The anti-fingerprinting project is part of the Tor Uplift project.
Its goal is to build up the same level of fingerprinting resistance as the Tor Browser in Firefox.
Refer to the design and implementation document of the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
Bug Tracking
All fingerprinting bugs are being tracked under the meta bug:
Bug 1329996 - [META] Support anti-fingerprinting protection
Priority Definition
- P1: MVP (Minimum Viable Product)
- P2: Nice to Have
- P3: Backlog
Whiteboard Definition
- [fingerprinting]: Identify this is a fingerprinting bug
- [fp:m1]: Target milestone is M1 (2017-06-12 Firefox 56)
- [fp:m2]: Target milestone is M2 (2017-08-07 Firefox 57)
- [fp:m3]: Target milestone is M3 (2017-09-25 Firefox 58)
M1 Bugs List (2017-06-12 Firefox 56)
| ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|
| 1217238 | Reduce precision of time exposed by Javascript (Tor 1517) | RESOLVED | Core | JavaScript: Standard Library | Jonathan Hao (inactive) [:jhao] | 1430975, 1437266, 1442863 | [fingerprinting][tor][fp:m1] |
| 1330890 | Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] | RESOLVED | Core | General | Tom Ritter [:tjr] | 1382840, 1385597, 1409973 | [fingerprinting][tor 16622][fp:m1][fp-triaged] |
| 1345322 | Create the preference privacy.resistFingerprinting in firefox.js | RESOLVED | Firefox | Settings UI | Ethan Tseng [:ethan] | [fingerprinting][tor][fp:m1] | |
| 1360039 | Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true | RESOLVED | Core | DOM: Core & HTML | Chris Peterson [:cpeterson] | 1217238 | [tor 21675][fingerprinting][fp:m1] |
| 1367313 | Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m1] [domsecurity-active] |
5 Total; 0 Open (0%); 5 Resolved (100%); 0 Verified (0%);
M2 Bugs List (2017-08-07 Firefox 57)
| ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|
| 1330876 | use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] | RESOLVED | Core | Graphics: Color Management | Chung-Sheng Fu [:cfu] | [fingerprinting] gfx-noted [tor][fp:m2] | |
| 1333641 | Disable WebSpeech API when privacy.resistFingerprinting is enabled | RESOLVED | Core | Web Speech | Tim Huang[:timhuang] | [tor][fingerprinting][fp:m2] | |
| 1333651 | Spoofing Navigator API when resisting fingerprinting is enabled | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | 1337161, 1369303 | [tor][fingerprinting][domsecurity-backlog1][fp:m2] |
| 1337161 | Disable navigator.getGamepads() when privacy.resistFingerprinting = true | RESOLVED | Core | DOM: Device Interfaces | Chung-Sheng Fu [:cfu] | [tor][fingerprinting][fp:m2] | |
| 1369303 | Spoof/Disable performance API when 'privacy.resistFingerprinting' is true | VERIFIED | Core | DOM: Core & HTML | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] | |
| 1369309 | Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true | VERIFIED | Core | Security | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] | |
| 1369319 | Disable device sensors when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Device Interfaces | Tim Huang[:timhuang] | 1390391 | [fingerprinting][tor][fp:m2] |
| 1369327 | Making reader view users uniform when 'privacy.resistFingerprinting' is true | RESOLVED | Toolkit | Reader Mode | Jonathan Hao (inactive) [:jhao] | [fingerprinting][tor][fp:m2] | |
| 1369328 | Open popup windows in new tabs when 'privacy.resistFingerprinting' = true | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2][domsecurity-active] | |
| 1369330 | Make javascript use English locale when 'privacy.resistFingerprinting' is true | RESOLVED | Core | JavaScript Engine | [fingerprinting][tor][fp:m2] | ||
| 1369357 | Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true | VERIFIED | Firefox | General | Chung-Sheng Fu [:cfu] | 1377820 | [fingerprinting][tor][fp:m2] |
| 1372069 | Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Geolocation | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] | |
| 1372072 | Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Core & HTML | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] |
13 Total; 0 Open (0%); 10 Resolved (76.92%); 3 Verified (23.08%);
M3 Bugs List (2017-09-25 Firefox 58)
| ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|
| 863246 | resource:// URIs leak information (Tor 8725) | VERIFIED | Core | Security | Chung-Sheng Fu [:cfu] | 1395286, 1395486, 1433715 | [tor][fingerprinting][fp:m3] |
| 967895 | Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) | RESOLVED | Core | Graphics: Canvas2D | Chung-Sheng Fu [:cfu] | 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 | [tor][fingerprinting][fp:m3][ux] |
| 1039069 | Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting | RESOLVED | Firefox | Settings UI | Chung-Sheng Fu [:cfu] | 1515001 | [tor][fingerprinting][fp:m3][ux] |
| 1217290 | Add fingerprinting resistance for WebGL (Tor 16005) | RESOLVED | Core | Graphics: CanvasWebGL | Chung-Sheng Fu [:cfu] | [tor][tor-standalone][fingerprinting][fp:m3] | |
| 1222285 | Keyboard layout is leaked by KeyboardEvent | RESOLVED | Core | DOM: UI Events & Focus Handling | Tim Huang[:timhuang] | 1439784, 1433592, 1438795, 1470828 | [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged] |
| 1330892 | <isindex> leaks user locale | RESOLVED | Core | DOM: HTML Parser | 1266495 | [fingerprinting][tor][fp:m3] |
6 Total; 0 Open (0%); 5 Resolved (83.33%); 1 Verified (16.67%);
Anti-Fingerprinting - P2
| ID | Summary | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|
| 1041818 | take steps to mitigate canvas fingerprinting | Core | Graphics | 665630, 1502831, 1647906 | [fingerprinting][tor][fp-triaged] | |
| 1397996 | scrollbar thickness reveals platform | Core | DOM: Core & HTML | [tor][fingerprinting][fp-triaged][tor 22137] | ||
| 1414311 | New window size is different than expected after changing screen dpi (with privacy.resistFingerprinting pref enabled) | Core | Privacy: Anti-Tracking | [fingerprinting][fp-triaged][tor 30970] | ||
| 1485249 | WebGL extensions should be disabled when private.resistFingerprinting is enabled | Core | Graphics: CanvasWebGL | [tor 6370][gfx-noted][fingerprinting][fp-triaged] | ||
| 1948457 | Window rounding fingerprinting protection no longer works with vertical tabs enabled, all windows created maximized | Firefox | Sidebar | [fidefe-sidebar] |
5 Total; 5 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Anti-Fingerprinting - P3~P5
| ID | Summary | Priority | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|
| 572650 | [meta] Reduce the amount of data and entropy sent out in HTTP requests | P5 | Core | Networking: HTTP | 566434, 736373, 1556223, 1609304, 414057, 527886, 572652, 572656, 572659, 572661, 572665, 572667, 572668, 581008, 581783, 582421, 583181, 584683, 586165, 588909, 588913, 591537, 591573, 630357, 643352, 648186, 669814, 697383, 728582, 728585, 728831, 728888, 728894, 728952, 729089, 757726, 765048, 793978, 799899, 817450, 1054739, 1090433, 1313580, 1861847, 1873273 | [fingerprinting][necko-would-take][fp-triaged] | |
| 1314443 | Audit the existing disable WebRTC preferences and ensure they work as advertised | P3 | Core | WebRTC | Tom Ritter [:tjr] | [tor][fingerprinting][tor-mobile][fp-triaged] | |
| 1315203 | XSHM: Cross Site History Manipulation (information leakage) | P3 | Core | DOM: Navigation | 1436489 | [fingerprinting][fp-triaged] | |
| 1330882 | When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] | P3 | Core | XUL | 1475973, 1600044, 1352141, 1352305, 1353894, 1355717, 1364398, 1401440, 1418537 | [fingerprinting][tor][fp-triaged] | |
| 1401493 | Perform Fingerprint Comparison of Tor Browser and Firefox | P3 | Firefox | Settings UI | 1403813, 1403876, 1413707, 1413837, 1413842, 1414001, 1414153, 1428331 | [tor][fingerprinting][fp-triaged] | |
| 1403747 | When privacy.resistFingerprinting is true, warn users not to maximize their window | P5 | Core | Window Management | [tor][fingerprinting][fp-triaged] | ||
| 1409974 | KeyboardEvent.location could be used as a user behavior fingerprinting vector. | P3 | Core | DOM: UI Events & Focus Handling | [fingerprinting][fp-triaged] | ||
| 1422482 | OS username disclosure using downloads manager | P3 | Firefox | Downloads Panel | [fingerprinting][tor] | ||
| 1422862 | Make OffscreenCanvas respect Canvas Permission Prompt so you don't always get a placeholder | P3 | Core | Graphics: Canvas2D | Fatih Kilic [:fkilic] | 967895 | [fingerprinting][gfx-noted][fp-triaged][fpp:m8] |
| 1422890 | Add additional Canvas Fingerprinting Tests | P3 | Core | Graphics: Canvas2D | [fingerprinting][gfx-noted][fp-triaged] | ||
| 1439784 | Fix the KeyboardEvent mochitests | P3 | Core | DOM: UI Events & Focus Handling | 1358653, 1438795 | [tor][fingerprinting][fp-triaged] | |
| 1448046 | Can we remove the window.Components shim? | P3 | Core | DOM: Core & HTML | Tom Ritter [:tjr] | 1448048 | |
| 1450401 | mozFullScreen leaks exact screen resolution | P3 | Core | Window Management | [fingerprinting][fp-triaged] | ||
| 1472808 | For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale | P3 | Core | DOM: UI Events & Focus Handling | [tor][fingerprinting][fp-triaged] | ||
| 1485258 | When privacy.spoof_english is true, don't reveal locale by charset fallback | P3 | Core | DOM: HTML Parser | [tor 20025][fingerprinting][fp-triaged] | ||
| 1490728 | Improve discoverability/explanation of RFP | P3 | Core | DOM: Security | [tor][fingerprinting][domsecurity-backlog1][fp-triaged] | ||
| 1507879 | Investigate getClientRects for fingerprinting | P3 | Core | DOM: CSS Object Model | 1538718 | [tor 29564][fingerprinting][fp-triaged] | |
| 1542676 | Round subpixel accuracy of window properties to integers when resistfingerprinting is enabled | P3 | Core | DOM: Core & HTML | [tor 26607][fingerprinting] | ||
| 1672093 | css @media RFP + window/screen subpixel entropy | P3 | Core | CSS Parsing and Computation | |||
| 1677733 | Bookmarks toolbar for new tabs changes screen resolution for new window when privacy.resistFingerprinting is turned on | P3 | Firefox | Bookmarks & History | [sng] | ||
| 1746668 | Use web exposed locales instead of regional locales where appropriate | -- | Firefox | Settings UI | Pier Angelo Vendrame | 1846224 | |
| 1781277 | Do not base storage estimate on user's disk when RFP is enabled | -- | Core | Storage: Quota Manager | Fatih Kilic [:fkilic] | 1735713 | |
| 1823580 | Act as though intl.regional_prefs.use_os_locales is false when RFP is enabled | -- | Core | DOM: Security | [domsecurity-backlog] | ||
| 1876810 | With privacy.resistFingerprinting, "☑ Remember this decision" forgetting which camera and microphone was shared is confusing | P3 | Core | WebRTC: Audio/Video | 1876636 | ||
| 1909736 | RFP: hide textDecoration's underline computedStyle on links | -- | Core | CSS Parsing and Computation | |||
| 1914839 | Port resist fingerprinting logic from MediaCapabilities decode side to the encode side | -- | Core | Audio/Video: Recording | Fatih Kilic [:fkilic] | ||
| 1947439 | RFP new window size is off because of roundings on partial values | P3 | Core | Window Management | |||
| 1954170 | PreXULSkeletonUI doesn't trigger RoundWindowSize RFP Target | P3 | Core | Privacy: Anti-Tracking | |||
| 1957254 | RFP: provide [more plausible] hardwareConcurrency per OS | -- | Core | DOM: Core & HTML |
29 Total; 29 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Resolved Bugs
| ID | Summary | Priority | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|
| 267645 | Page can obtain path to Mozilla installation or possibly profile by examining JavaScript exceptions | P3 | Core | Security | Boris Zbarsky [:bzbarsky] | 268370, 503228 | [sg:want] stepping-stone [fingerprinting][fp-triaged][adv-main75-] |
| 461204 | Boundary delimiter for HTTP file posts is static. That is wrong according to RFC. | -- | Core | DOM: Core & HTML | Tom Ritter [:tjr] | [sg:low][tor 22919][adv-main74-] | |
| 467035 | <!DOCTYPE> ignores contentaccessible, leaks DTD strings and therefore browser UI locale | P2 | Core | XML | Alex Catarineu (Tor Browser dev) | 1228117 | [sg:low][fingerprinting][fp-triaged][tor 30304][adv-main70-] |
| 527667 | DOM Storage (localStorage, sessionStorage) data is not cleared when "Clear Recent History" is used with Time range not "Everything" | P1 | Core | DOM: Core & HTML | 600366, 536544 | [sg:want][tor][fingerprinting] | |
| 583181 | Don't reveal navigator.buildID to every site on the web | P3 | Core | DOM: Core & HTML | Chris Peterson [:cpeterson] | 966030, 1216225, 1493490 | [fingerprinting] |
| 654550 | Preference to disable video statistics | -- | Core | Audio/Video | leonard.beck | [tor] [fingerprinting] | |
| 680300 | Restrict discoverability of protocol handlers [Tor 1623] | P2 | Core | Networking | Tim Huang[:timhuang] | 1514834 | [fingerprinting][probing][necko-backlog][tor] |
| 732096 | Add a preference to prevent local font enumeration | P3 | Core | Layout | 1121643 | [fingerprinting][tor][tor-standalone] | |
| 779197 | Use a protocol not accessible from content | P3 | Add-on SDK Graveyard | General | 820213, 852297 | [fingerprinting] | |
| 811582 | window JS object provides a large amount of identifiable information | -- | Core | DOM: Core & HTML | [fingerprinting][fp-triaged] | ||
| 903959 | custom resource://foo/ allows fingerprinting addons | -- | Core | Security | [fingerprinting] | ||
| 967895 | Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) | P1 | Core | Graphics: Canvas2D | Chung-Sheng Fu [:cfu] | 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 | [tor][fingerprinting][fp:m3][ux] |
| 1039069 | Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting | P1 | Firefox | Settings UI | Chung-Sheng Fu [:cfu] | 1515001 | [tor][fingerprinting][fp:m3][ux] |
| 1077986 | offline storage permission setting not working correctly | -- | Firefox | Settings UI | [tor][fingerprinting] | ||
| 1121643 | Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) | P3 | Core | Graphics: Text | Arthur Edelstein [:arthur] | 1306715, 1426544, 1458364 | [gfx-noted] [tor][fingerprinting] |
| 1216800 | some chrome code may be incorrectly receiving spoofed devicePixelRatio | -- | Core | DOM: Core & HTML | [fingerprinting] | ||
| 1217238 | Reduce precision of time exposed by Javascript (Tor 1517) | P1 | Core | JavaScript: Standard Library | Jonathan Hao (inactive) [:jhao] | 1430975, 1437266, 1442863 | [fingerprinting][tor][fp:m1] |
| 1217290 | Add fingerprinting resistance for WebGL (Tor 16005) | P1 | Core | Graphics: CanvasWebGL | Chung-Sheng Fu [:cfu] | [tor][tor-standalone][fingerprinting][fp:m3] | |
| 1222285 | Keyboard layout is leaked by KeyboardEvent | P1 | Core | DOM: UI Events & Focus Handling | Tim Huang[:timhuang] | 1439784, 1433592, 1438795, 1470828 | [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged] |
| 1222924 | Stop exposing the moz-icon URL scheme to the web | P3 | Core | Graphics: ImageLib | :Gijs (he/him) | [gfx-noted][fingerprinting][fp:m4][adv-main59-] | |
| 1233691 | Redesign mediaDevices.enumerateDevices() API | -- | Core | WebRTC | |||
| 1290481 | Implement mitigations for opaque response storage in the DOM cache | P2 | Core | DOM: Core & HTML | Tom Tung [:tt, :ttung] | 1468434, 1367309, 1398043, 1398231, 1402581 | [storage-v1][fingerprinting][adv-main57-] |
| 1308340 | checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) | -- | Firefox | Settings UI | Arthur Edelstein [:arthur] | [tor][fingerprinting][fp-backlog][fp-triaged] | |
| 1314448 | Create a build target that adds --disable-webrtc to the mozconfig | P3 | Release Engineering | General | [tor][tor-testing][fingerprinting] | ||
| 1330876 | use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] | P1 | Core | Graphics: Color Management | Chung-Sheng Fu [:cfu] | [fingerprinting] gfx-noted [tor][fp:m2] | |
| 1330890 | Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] | P1 | Core | General | Tom Ritter [:tjr] | 1382840, 1385597, 1409973 | [fingerprinting][tor 16622][fp:m1][fp-triaged] |
| 1330892 | <isindex> leaks user locale | P1 | Core | DOM: HTML Parser | 1266495 | [fingerprinting][tor][fp:m3] | |
| 1333641 | Disable WebSpeech API when privacy.resistFingerprinting is enabled | P1 | Core | Web Speech | Tim Huang[:timhuang] | [tor][fingerprinting][fp:m2] | |
| 1333651 | Spoofing Navigator API when resisting fingerprinting is enabled | P1 | Core | DOM: Security | Tim Huang[:timhuang] | 1337161, 1369303 | [tor][fingerprinting][domsecurity-backlog1][fp:m2] |
| 1333933 | Disable/spoof fingerprintable features when privacy.resistFingerprinting = true | P1 | Core | General | Arthur Edelstein [:arthur] | 1337157, 1337161 | [tor][fingerprinting][fp-backlog][fp-triaged] |
| 1337157 | privacy.resistFingerprinting should disable WEBGL_debug_renderer_info | P2 | Core | Graphics: CanvasWebGL | Tom Ritter [:tjr] | 1171228 | gfx-noted, [tor][fingerprinting] |
| 1337161 | Disable navigator.getGamepads() when privacy.resistFingerprinting = true | P1 | Core | DOM: Device Interfaces | Chung-Sheng Fu [:cfu] | [tor][fingerprinting][fp:m2] | |
| 1345322 | Create the preference privacy.resistFingerprinting in firefox.js | P1 | Firefox | Settings UI | Ethan Tseng [:ethan] | [fingerprinting][tor][fp:m1] | |
| 1354633 | blank MediaError.message when resisting fingerprinting | P2 | Core | Audio/Video: Playback | Chung-Sheng Fu [:cfu] | [tor 21792][fingerprinting][fp:m3] | |
| 1360039 | Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true | P1 | Core | DOM: Core & HTML | Chris Peterson [:cpeterson] | 1217238 | [tor 21675][fingerprinting][fp:m1] |
| 1363508 | Consider how to do Anti-fingerprinting for Pointer Events | P1 | Core | DOM: Events | Tim Huang[:timhuang] | 1492766, 1492775 | [tor 25794][fingerprinting] |
| 1364261 | Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true | P3 | Core | Privacy: Anti-Tracking | 1401440 | [tor][fingerprinting-breakage][fp-backlog][fp-triaged] | |
| 1367313 | Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns | P1 | Core | DOM: Security | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m1] [domsecurity-active] | |
| 1369319 | Disable device sensors when 'privacy.resistFingerprinting' is true | P1 | Core | DOM: Device Interfaces | Tim Huang[:timhuang] | 1390391 | [fingerprinting][tor][fp:m2] |
| 1369327 | Making reader view users uniform when 'privacy.resistFingerprinting' is true | P1 | Toolkit | Reader Mode | Jonathan Hao (inactive) [:jhao] | [fingerprinting][tor][fp:m2] | |
| 1369328 | Open popup windows in new tabs when 'privacy.resistFingerprinting' = true | P1 | Core | DOM: Security | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2][domsecurity-active] | |
| 1369330 | Make javascript use English locale when 'privacy.resistFingerprinting' is true | P1 | Core | JavaScript Engine | [fingerprinting][tor][fp:m2] | ||
| 1372069 | Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true | P1 | Core | DOM: Geolocation | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] | |
| 1372072 | Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true | P1 | Core | DOM: Core & HTML | Tim Huang[:timhuang] | [fingerprinting][tor][fp:m2] | |
| 1372073 | Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true | P3 | Core | WebRTC: Audio/Video | Chung-Sheng Fu [:cfu] | [fingerprinting][tor][fp:m3] | |
| 1382499 | Touch API leaks absolute screen coordinates | P3 | Core | DOM: Events | Chung-Sheng Fu [:cfu] | [tor 10286][fingerprinting][fp:m3] | |
| 1382533 | When resisting fingerprinting, don't expose local IP Addresses via mDNS | P2 | Core | DOM: Core & HTML | Chung-Sheng Fu [:cfu] | [tor 22165][fingerprinting][fp:m3] | |
| 1382545 | Animation API exposes high-res time stamp | P2 | Core | DOM: Animation | Tim Huang[:timhuang] | 1217238 | [tor 16337][fingerprinting][fp:m3] |
| 1383495 | Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled | P3 | Core | DOM: Security | Ethan Tseng [:ethan] | 1472618 | [tor][fingerprinting][fp:m3][domsecurity-active] |
| 1390465 | disable or limit WebVTT with privacy.resistFingerprinting | P3 | Core | Audio/Video: Playback | Fatih Kilic [:fkilic] | [tor][fingerprinting][fp-triaged] | |
| 1392844 | Ensure that Stylo respects privacy.resistFingerprinting | P3 | Core | Layout | [tor][fingerprinting][stylo][fp-backlog] | ||
| 1393283 | privacy.resistFingerprinting should change the user agent to 52, not 50 | P2 | Core | DOM: Security | Ethan Tseng [:ethan] | [tor][fingerprinting][domsecurity-active] | |
| 1393662 | Making IsResistFingerprintingEnabled() checks in nsRFPService::ReduceTimePrecisionAs* inline and changing the name of nsRFPService::ReduceTimePrecisionAs* into MaybeReduceTimePrecisionAs* | P2 | Core | DOM: Security | Tom Ritter [:tjr] | [fingerprinting][tor][domsecurity-backlog][fp:m4] | |
| 1394735 | Enabling privacy.resistFingerprinting causes jank in jquery scrolling | -- | Core | Layout | 1424341 | [fingerprinting][fp-triaged] | |
| 1396468 | Spoof navigator.oscpu as 'Windows NT 6.1; Win64; x64' when resisting fingerprinting is enabled | P2 | Core | DOM: Security | Ethan Tseng [:ethan] | [tor][fingerprinting][domsecurity-active] | |
| 1397994 | CSS line-height reveals platform | P5 | Core | CSS Parsing and Computation | Pier Angelo Vendrame | [tor 23104][tor 23701][tor 29563][fingerprinting][fp-triaged] | |
| 1399279 | initial viewport too small for fullscreen WebApps with privacy.resistFingerprinting enabled | P5 | Firefox for Android Graveyard | Web Apps (PWAs) | [fingerprinting][fp-triaged][tor-mobile] | ||
| 1400582 | Deleting all history still leaves some traces that can be used to precisely track individual users. | P3 | Core | Storage: IndexedDB | [tor][fingerprinting] | ||
| 1403099 | game in http://www.best.io/paper-io has very bad performance due to anti-fingerprinting setting (needs higher resolution timer) | P5 | Core | DOM: Security | 1424341 | [domsecurity-backlog][fingerprinting][fp-triaged] | |
| 1404608 | Do not lie about Operating System when privacy.resistFingerprinting is true | P3 | Core | DOM: Security | Tim Huang[:timhuang] | [domsecurity-backlog3][fingerprinting-breakage] | |
| 1405810 | Setting privacy.resistFingerprinting=true breaks cmd keyboard shortcuts for Google Docs on OSX | P1 | Core | DOM: Security | 1404608 | [domsecurity-backlog1][tor][fingerprinting-breakage][fp-triaged] | |
| 1405842 | Devices returned from enumerateDevices have the same deviceId across originattributes | -- | Core | WebRTC: Audio/Video | [usercontextId][tor] | ||
| 1407366 | When privacy.resistFingerprinting=true, dynamically round content dimensions | P2 | Core | Window Management | Tom Ritter [:tjr] | 1594455, 1790988, 1489493, 1595394, 1620347, 1640548, 1744439, 1788839 | [fingerprinting][fp-triaged][tor 14429] |
| 1408702 | Resist fingerprinting causes scrollbar glitch in Firefox 58 | P2 | Core | Layout | Emilio Cobos Álvarez (:emilio) | [tor][fingerprinting-breakage] | |
| 1409809 | Constantly remind people about privacy.resistFingerprinting | -- | Firefox | Security | [fingerprinting-breakage] | ||
| 1409973 | Make Date.toLocaleDateString and Intl.DateTimeFormat anti-fingerprintable | P1 | Core | JavaScript Engine | Tom Ritter [:tjr] | 818634, 1039069, 1333933, 1358653, 1369330 | [fingerprinting][tor][fp-triaged] |
| 1418537 | Bad window height set when bookmarks toolbar is open with resistfingerprinting option | P3 | Core | Window Management | [fingerprinting][fp-triaged][tor 27845] | ||
| 1420234 | The privacy.resistFingerprinting flag interferes with the JS Date object | -- | Core | JavaScript Engine | [fingerprinting] | ||
| 1425130 | Sensor API exposes a High-Res timestamp | P3 | Core | DOM: Security | [fingerprinting][domsecurity-backlog1][fp-triaged] | ||
| 1428331 | HiDPI and privacy.resistFingerprinting | -- | Core | Layout | 1554751 | [fingerprinting][fp-triaged] | |
| 1432506 | Implement the Canvas Permission Prompt on Fennec | P3 | Firefox for Android Graveyard | General | 1413780 | [fingerprinting][fp-triaged] | |
| 1433815 | Ensure EnableOrientationChangeListener respects privacy.resistFingerprinting | P3 | Core | DOM: Core & HTML | [tor-mobile][fingerprinting][fp-triaged] | ||
| 1436226 | Hardcode VP8/VP9 algorithm choice when resisting fingerprinting | P2 | Core | Audio/Video: Playback | Fatih Kilic [:fkilic] | [tor 22548] [fingerprinting][fp-triaged] | |
| 1437266 | Navigating back on youtube sometimes fails and restarts the current video with resistFingerprinting enabled | P3 | Core | DOM: Security | 1776678, 1803976 | [fingerprinting][domsecurity-backlog1][fp-triaged] | |
| 1437349 | Detect if user install certain software with external protocol | -- | Core | DOM: Security | [fingerprinting] | ||
| 1442863 | Smooth scrolling implementations perform badly with resistFingerprinting's reduced timer precision | P3 | Core | DOM: Core & HTML | [fingerprinting][fp-triaged] | ||
| 1446472 | privacy.resistFingerprinting is true blocks QR code (canvas) on web.whatsapp.com without any notice | P2 | Core | Graphics: Canvas2D | Tim Huang[:timhuang] | [fingerprinting] [gfx-noted][fp-triaged] | |
| 1447592 | Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false | P2 | Firefox | Security | Tom Ritter [:tjr] | [fingerprinting-breakage] | |
| 1450561 | Resist screen elements dimensions fingerprinting | P5 | Core | DOM: Security | [tor][fingerprinting][domsecurity-backlog1][fp-triaged] | ||
| 1456378 | privacy.resistFingerprinting breaks image cropping in Expensify | P2 | Core | DOM: Security | [domsecurity-backlog1][fingerprinting][fp-triaged] | ||
| 1459089 | Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers | -- | Firefox for Android Graveyard | General | Igor Oliveira | [fingerprinting] | |
| 1460145 | privacy.resistfingerprinting breaks the square selection on the HOT Tasking Manager | P2 | Core | DOM: Security | Tim Huang[:timhuang] | [domsecurity-backlog1][fingerprinting][fp-triaged] | |
| 1461454 | Support Resist Fingerprinting in canPlayType and Media Capabilities APIs | P2 | Core | Audio/Video: Playback | Tom Ritter [:tjr] | [tor 13543][fingerprinting][fp-triaged] | |
| 1462115 | privacy.resistfingerprinting affects the timezone displayed in native file picker dialogs | P3 | Core | DOM: Security | 1491343 | [tor][fingerprinting][domsecurity-backlog1][fp-triaged] | |
| 1466025 | enforce DNT header when privacy.resistFingerprinting=true | P3 | Core | DOM: Security | [fingerprinting][domsecurity-backlog1][fp-triaged] | ||
| 1468957 | privacy.resistFingerprinting set to true breaks https://www.google.com/streetview/ | P2 | Core | DOM: Security | Tim Huang[:timhuang] | [domsecurity-backlog1][fingerprinting][fp-triaged] | |
| 1470828 | privacy.resistFingerprinting breaks some shortcut keys | P2 | Core | DOM: UI Events & Focus Handling | [fingerprinting][fp-triaged] | ||
| 1478158 | Guard prefers-reduced-motion by Resist Fingerprinting pref | P3 | Core | CSS Parsing and Computation | Hiroyuki Ikezoe (:hiro) | 1479230, 1479239 | [fingerprinting] |
| 1485266 | When privacy.resistFingerprinting = true, use stand-ins for native colors | P2 | Core | Graphics: Color Management | Gary Chen [:xeonchen] | [tor][gfx-noted][fingerprinting][fp-triaged] | |
| 1485268 | When privacy.resistFingerprinting = true, Reader mode shouldn't parse on load | -- | Toolkit | Reader Mode | [tor] | ||
| 1485280 | Prevent fingerprinting by SpeechRecognition | P3 | Core | Web Speech | [tor][fingerprinting][fp-triaged] | ||
| 1486258 | Regression tests to check that new Intl APIs respect privacy.spoof_english | P2 | Core | JavaScript: Internationalization API | Gary Chen [:xeonchen] | [tor 26611][fingerprinting][fp-triaged] | |
| 1492587 | Ensure the date picker does not leak user locale when "privacy.spoof_english" == 2 | P2 | Toolkit | UI Widgets | Gary Chen [:xeonchen] | [tor 21787][fingerprinting][fp-triaged] | |
| 1492766 | Fingerprinting protection for pointerEvent.pointerid | P2 | Core | DOM: Events | Tim Huang[:timhuang] | [fingerprinting][fp-triaged] | |
| 1492775 | Consider how to do fingerprinting resistance for pointer events for mobile | P3 | Core | DOM: Events | 1507495 | [fingerprinting][fp-triaged] | |
| 1507280 | Ensure the reporting URI respects Resist Fingerprinting wrt locale | P3 | Core | DOM: Security | Fatih Kilic [:fkilic] | 1492036 | [fingerprinting][fp-triaged][domsecurity-backlog] |
| 1509829 | privacy.resistFingerprinting: UA header, upstream Tor 26146 | P3 | Core | DOM: Security | Tom Ritter [:tjr] | [tor][fingerprinting][domsecurity-backlog1][fp-triaged] | |
| 1511434 | privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14 | P2 | Core | DOM: Security | Chris Peterson [:cpeterson] | [tor][fingerprinting][domsecurity-active][fp-triaged] | |
| 1511763 | privacy.resistFingerprinting: Fix calculation of spoofed ESR version for ESR >= 68.0 | P2 | Core | DOM: Security | Chris Peterson [:cpeterson] | [domsecurity-active][fp-triaged] | |
| 1515001 | Debug build crashes with `privacy.spoof_english` set | P1 | Firefox | Settings UI | Tom Ritter [:tjr] | [tor 28875][fp-triaged] | |
| 1518839 | In RFP: Only Spoof the OS in the User Agent; and do not lie in the HTTP Header | -- | Core | DOM: Security | Tom Ritter [:tjr] | 1404608, 1405810 | [tor 26146][fingerprinting] |
| 1519122 | In RFP Mode, spoof the modifier state "Meta" in OSX into a "Ctrl" state in keyboard events. | P2 | Core | DOM: UI Events & Focus Handling | 1404608, 1405810 | [tor][fingerprinting] | |
| 1529391 | Don't spoof version number in User Agent with privacy.resistFingerprinting enabled | P3 | Core | DOM: Security | [fingerprinting][domsecurity-backlog] | ||
| 1535761 | [meta] Remove native theming for content | P3 | Core | Widget | 1381938, 1411425, 1615026, 1615028, 1615105, 1615830, 1618260, 1619425, 1620246, 1620297, 1620307, 1620360, 1620362, 1620451, 1620476, 1620479, 1621319, 1621331, 1625716, 1627961, 1638821, 1646558, 1671401, 1671516, 1671703, 1673287, 1674010, 1675132, 1682210, 1682731, 1685010, 1685196, 1685225, 1685962, 1685963, 1686606, 1686613, 1687177, 1687178, 1687202, 1687838, 1687865, 1687881, 1688325, 1688978, 1689094, 1689098, 1689252, 1689286, 1689477, 1689615, 1689848, 1690140, 1690194, 1690842, 1690910, 1690954, 1691064, 1691183, 1692306, 1693591, 1694059, 1695984, 1696378, 1696437, 1696988, 1697053, 1697055, 1697110, 1698284, 1698302, 1698318, 1698336, 1698343, 1698783, 1698969, 1699800, 1699930, 1700794, 1700802, 1702282, 1702755, 1709634, 1764172 | [fingerprinting][overhead:noted][fp-triaged] [not-a-fission-bug] | |
| 1538130 | privacy.resistFingerprinting should not create windows with rounded dimensions when letterboxing is enabled | P5 | Core | Window Management | Kestrel | 1407366 | [fingerprinting][tor] |
| 1539503 | Ensure CSS device-pixel-ratio (and related) and imgset/srcset obeys Fingerprinting Resistance | -- | Core | CSS Parsing and Computation | [fingerprinting][tor] | ||
| 1560574 | ftp:// on Windows can be used to leak the system time zone (Tor 30800) | P2 | Core Graveyard | Networking: FTP | Gary Chen [:xeonchen] | 1564434 | [fingerprinting][tor 30800] [necko-triaged] |
| 1560816 | screen size under privacy.resistFingerprinting should return nearest closest common resolution instead of exact window dimensions | P3 | Core | DOM: Security | [domsecurity-backlog3] | ||
| 1561322 | UI locale is detectable by button width | -- | Firefox | Untriaged | Alex Catarineu (Tor Browser dev) | [tor 24056] | |
| 1564422 | Change `outputLatency` and `getOutputTimestamp` when `resistFingerPrinting` is enabled | P2 | Core | Web Audio | Paul Adenot (:padenot) | ||
| 1577243 | Unconditionally clamp the requestAnimationFrame timestamp (and clamp/jitter it in RFP mode) | -- | Core | DOM: Animation | Tom Ritter [:tjr] | ||
| 1581537 | Browser UI locale is leaked in several ways | P3 | Core | DOM: Core & HTML | Alex Catarineu (Tor Browser dev) | [tor 30683][fingerprinting] | |
| 1586657 | Dialog for spoofing the locale in resist-fingerprinting-mode contains non-localized buttons | P3 | Core | Internationalization | [tor 31980] | ||
| 1595823 | Fix the AudioContext's sample-rate if privacy.resistFingerprinting is enabled | P3 | Core | Web Audio | Paul Adenot (:padenot) | [fingerprinting] | |
| 1601040 | Add UI for modifying resistFingerprinting prefs when privacy.resistFingerprinting is enabled | -- | Firefox | Settings UI | morgan (Tor Project) | [tor 32325][fingerprinting] | |
| 1607027 | css @media device-pixel-ratio and RFP | -- | Core | CSS Parsing and Computation | |||
| 1607316 | Implement separate fingerprinting resistance treatment of @media interaction features for desktop and android | -- | Core | Layout | Tom Ritter [:tjr] | [fingerprinting][tor 32886] | |
| 1615419 | Panopticlick says browser has a unique fingerprint even with privacy.resistFingerprinting = true and Content Blocking: Strict | -- | Core | Privacy: Anti-Tracking | |||
| 1615483 | hide VR devices when privacy.resistFingerprinting = true | -- | Core | WebVR | [fingerprinting] | ||
| 1621433 | In RFP mode, turn the all-white canvas into a fully random 'poison pill' | P2 | Core | DOM: Security | Tom Ritter [:tjr] | [fingerprinting][domsecurity-active] | |
| 1621988 | Some Google Docs Shortcuts still don't work under Resist Fingerprinting | P3 | Core | DOM: Security | [tor][fingerprinting][domsecurity-backlog1] | ||
| 1625771 | privacy.resistFingerprinting: Fix calculation of spoofed ESR version (affecting releases >=76) | -- | Core | DOM: Security | |||
| 1628373 | Lie better about desktop platform when privacy.resistFingerprinting is set to true | -- | Core | DOM: Security | |||
| 1635011 | resistFingerprinting: Bump spoofed OS versions to macOS 10.15 and Android 9 | P3 | Core | DOM: Security | Chris Peterson [:cpeterson] | 1511434 | [domsecurity-active] |
| 1640449 | Privacy and security features should prevent localhost and local network WebSocket abuse | P3 | Core | DOM: Networking | [fingerprinting][necko-triaged] | ||
| 1666160 | Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems | P3 | Core | DOM: Security | Tom Ritter [:tjr] | 1929134 | [domsecurity-backlog1] |
| 1670199 | RFP + font visibility = 1: entropy improvements | -- | Core | Layout: Text and Fonts | |||
| 1673237 | ignore svg.disabled=false in about pages | -- | Core | SVG | sanketh | [tor 27002] | |
| 1680365 | RFP userAgent/header on Android doesn't follow Fenix naming convention | P3 | Core | DOM: Security | Chris Peterson [:cpeterson] | [domsecurity-backlog1] | |
| 1690038 | Scrollbar is enabled and disabled based on a setting in macOS system preferences | P2 | Core | DOM: Security | [fingerprinting][tor 22632] | ||
| 1693861 | Collect Telemetry for how many users have enabled RFP | P2 | Core | DOM: Security | Tom Ritter [:tjr] | [domsecurity-active] | |
| 1708593 | Enhance resist fingerprinting: Disable web audio (API) by default when privacy.resistFingerprinting is enabled | -- | Core | Security | |||
| 1709330 | audit PDF.js for RFP and dFPI | P5 | Firefox | PDF Viewer | [pdfjs-integration] | ||
| 1711179 | resistFingerprinting: Bump spoofed Android OS version to 10 | P3 | Core | DOM: Security | Chris Peterson [:cpeterson] | 1635011 | [domsecurity-active] |
| 1745715 | Bundled fonts should have Base visibility even when they are also system-wide installed | P3 | Core | Layout: Text and Fonts | Pier Angelo Vendrame | ||
| 1758520 | Disable WebGPU when RFP is enabled | -- | Core | Graphics: WebGPU | |||
| 1762390 | Should Gecko_MediaFeatures_MatchesPlatform account for ResistFingerprinting? | -- | Core | DOM: CSS Object Model | |||
| 1772711 | privacy.resistFingerprinting caps fps to 60 | P3 | Core | Privacy: Anti-Tracking | |||
| 1781172 | report real world system font set when enable privacy.resistFingerprinting | -- | Core | Layout: Text and Fonts | |||
| 1787790 | getComputedStyle reports a wrong family for system fonts under certain conditions | -- | Core | Layout: Text and Fonts | Pier Angelo Vendrame | [fingerprinting] | |
| 1818894 | RFP: harden network information protection | -- | Core | DOM: Core & HTML | [fingerprinting] | ||
| 1825378 | RFP offscreen canvas allows extension override | -- | Core | Graphics: Canvas2D | |||
| 1827576 | RFP Math sin/cos/tan spoofing missing for asm.js | P2 | Core | JavaScript: WebAssembly | Tom Schuster (MoCo) | 531915, 1823880 | |
| 1832598 | Smooth scrolls are disabled if the user prefers-reduced-motion regardless of fingerprint resistance | -- | Core | Layout: Scrolling and Overflow | Dan Robertson (:dlrobertson) | ||
| 1832845 | Remove the pref `autoDeclineNoUserInputCanvasPrompts` | -- | Core | Privacy: Anti-Tracking | Fatih Kilic [:fkilic] | 1832681 | |
| 1871789 | RFPTarget PointerEvents leaks mozPressure + mozInputSource | -- | Core | DOM: Events | Fatih Kilic [:fkilic] | ||
| 1876636 | With privacy.resistFingerprinting track.label & track.getSettings().deviceId differ from enumerateDevices() | P2 | Core | WebRTC: Audio/Video | Jan-Ivar Bruaroey [:jib] (needinfo? me) | ||
| 1880108 | Placeholders on the datetime widget ignore spoof English | -- | Toolkit | UI Widgets | Pier Angelo Vendrame | ||
| 1885258 | Remove the IsHidden Exemption for Font Allowlist | -- | Core | Layout: Text and Fonts | Tom Ritter [:tjr] | ||
| 1891690 | EXSLT leaks timezones also when RFP is enabled | -- | Core | XSLT | Fatih Kilic [:fkilic] | ||
| 1899736 | Can not use 2nd webcam at webcamtests.com with privacy.resistFingerprinting enabled | -- | Firefox for Android | Media | Fatih Kilic [:fkilic] | 1900402 | |
| 1900648 | XSLT error messages can leak browser UI language | -- | Core | XSLT | Pier Angelo Vendrame | 1959147 | [tor 42288][fingerprinting] |
| 1924087 | SVG Switch Element leaks language even with spoof language | P3 | Core | Privacy: Anti-Tracking | Fatih Kilic [:fkilic] | ||
| 1944211 | RFPTarget PointerEvents mozPressure not compat | -- | Core | DOM: Events | Fatih Kilic [:fkilic] |
154 Total; 154 Open (100%); 0 Resolved (0%); 0 Verified (0%);