MozillaWiki

Security/Fingerprinting

< Security
Revision as of 03:39, 22 November 2017 by Ethantseng (talk | contribs) (Disable some bugzilla queries to speed up the page loading. This page only shows MVP bugs now.)

Cross-Origin Fingerprinting Unlinkability

The anti-fingerprinting project is part of the Tor Uplift project.
Its goal is to build up the same level of fingerprinting resistance as the Tor Browser in Firefox.
Refer to the design and implementation document of the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

Project Schedule

  • Complete the implementation of MVP in Firefox 57 (2018-09-20)
    • This is being tracked by three milestones M1, M2, and M3
  • Feature stabilization and refinement in Firefox 58 (2017-11-13)
    • Perform integration test to identify regressions and Web compatibility issues
    • Perform tests to verify the effectiveness of fingerprinting protection
    • Fix regressions and any other issues
    • Figure out the product strategy of Firefox to roll out this functionality
  • Ship the feature in Firefox 59 (2018-01-15)
    • Tor Browser will be using Firefox ESR 59


Bug Tracking

All fingerprinting bugs are being tracked under the meta bug:
bug 1329996 - [META] Support anti-fingerprinting protection

Priority Definition

  • P1: MVP (Minimum Viable Product)
  • P2: Nice to Have
  • P3: Backlog
  • Any bug which is marked as [fp:m1-3] in the Whiteboard is also MVP, regardless of its Priority

Whiteboard Definition

  • [fingerprinting]: Indicate this is a fingerprinting bug
  • [fp:m1]: Target milestone is M1 (2017-06-12 Firefox 55)
  • [fp:m2]: Target milestone is M2 (2017-08-02 Firefox 56)
  • [fp:m3]: Target milestone is M3 (2017-09-20 Firefox 57)
  • [fp-backlog]: Backlog bugs

Dashboard

MVP: M1 Bugs List (2017-06-12 Firefox 55)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1345322 Create the preference privacy.resistFingerprinting in firefox.js RESOLVED Firefox Settings UI Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true RESOLVED Core DOM: Core & HTML Chris Peterson [:cpeterson] 1217238 [tor 21675][fingerprinting][fp:m1]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) RESOLVED Core JavaScript: Standard Library Jonathan Hao (inactive) [:jhao] 1430975, 1437266, 1442863 [fingerprinting][tor][fp:m1]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns RESOLVED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] RESOLVED Core General Tom Ritter [:tjr] 1382840, 1385597, 1409973 [fingerprinting][tor 16622][fp:m1][fp-triaged]

5 Total; 0 Open (0%); 5 Resolved (100%); 0 Verified (0%);


MVP: M2 Bugs List (2017-08-07 Firefox 56)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] RESOLVED Core Graphics: Color Management Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1337161 Disable navigator.getGamepads() when privacy.resistFingerprinting = true RESOLVED Core DOM: Device Interfaces Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
1369357 Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true VERIFIED Firefox General Chung-Sheng Fu [:cfu] 1377820 [fingerprinting][tor][fp:m2]
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true RESOLVED Core JavaScript Engine [fingerprinting][tor][fp:m2]
1369327 Making reader view users uniform when 'privacy.resistFingerprinting' is true RESOLVED Toolkit Reader Mode Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m2]
1333641 Disable WebSpeech API when privacy.resistFingerprinting is enabled RESOLVED Core Web Speech Tim Huang[:timhuang] [tor][fingerprinting][fp:m2]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled RESOLVED Core DOM: Security Tim Huang[:timhuang] 1337161, 1369303 [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1369303 Spoof/Disable performance API when 'privacy.resistFingerprinting' is true VERIFIED Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369309 Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true VERIFIED Core Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369319 Disable device sensors when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Device Interfaces Tim Huang[:timhuang] 1390391 [fingerprinting][tor][fp:m2]
1369328 Open popup windows in new tabs when 'privacy.resistFingerprinting' = true RESOLVED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2][domsecurity-active]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1372072 Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]

13 Total; 0 Open (0%); 10 Resolved (76.92%); 3 Verified (23.08%);


MVP: M3 Bugs List (2017-09-25 Firefox 57)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1383495 Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled RESOLVED Core DOM: Security Ethan Tseng [:ethan] 1472618 [tor][fingerprinting][fp:m3][domsecurity-active]
863246 resource:// URIs leak information (Tor 8725) VERIFIED Core Security Chung-Sheng Fu [:cfu] 1395286, 1395486, 1433715 [tor][fingerprinting][fp:m3]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) RESOLVED Core Graphics: Canvas2D Chung-Sheng Fu [:cfu] 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 [tor][fingerprinting][fp:m3][ux]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting RESOLVED Firefox Settings UI Chung-Sheng Fu [:cfu] 1515001 [tor][fingerprinting][fp:m3][ux]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) RESOLVED Core Graphics: CanvasWebGL Chung-Sheng Fu [:cfu] [tor][tor-standalone][fingerprinting][fp:m3]
1354633 blank MediaError.message when resisting fingerprinting RESOLVED Core Audio/Video: Playback Chung-Sheng Fu [:cfu] [tor 21792][fingerprinting][fp:m3]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true RESOLVED Core WebRTC: Audio/Video Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m3]
1382499 Touch API leaks absolute screen coordinates RESOLVED Core DOM: Events Chung-Sheng Fu [:cfu] [tor 10286][fingerprinting][fp:m3]
1382533 When resisting fingerprinting, don't expose local IP Addresses via mDNS RESOLVED Core DOM: Core & HTML Chung-Sheng Fu [:cfu] [tor 22165][fingerprinting][fp:m3]
1382111 UX improvement for permission prompt to allow extracting HTML5 Canvas data VERIFIED Toolkit Graveyard Notifications and Alerts Jacqueline Savory [:jsavory] UX [tor][fingerprinting][fp:m3][ux]
1330892 <isindex> leaks user locale RESOLVED Core DOM: HTML Parser 1266495 [fingerprinting][tor][fp:m3]
1222285 Keyboard layout is leaked by KeyboardEvent RESOLVED Core DOM: UI Events & Focus Handling Tim Huang[:timhuang] 1439784, 1433592, 1438795, 1470828 [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged]
1382545 Animation API exposes high-res time stamp RESOLVED Core DOM: Animation Tim Huang[:timhuang] 1217238 [tor 16337][fingerprinting][fp:m3]
1384330 Don't expose window.navigator.mozAddonManager data when privacy.resistFingerprinting=true VERIFIED Toolkit Add-ons Manager Tim Huang[:timhuang] [tor 21684][fingerprinting][fp:m3]

14 Total; 0 Open (0%); 11 Resolved (78.57%); 3 Verified (21.43%);


MVP: Bugs To Be Triaged

The following bugs are MVP bugs which are not specified priority yet.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Fingerprinting P2 Bugs List

<disabled-bugzilla> 

   {
       "blocks":"1329996",
       "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"], 
       "priority":["P2"], 
       "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard",
       "order": "status, assigned_to"
   }

</disabled-bugzilla>

Fingerprinting P3-P5 Bugs List

<disabled-bugzilla> 

   {
       "blocks":"1329996",
       "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"], 
       "priority":["P3", "P4", "P5", "--"], 
       "include_fields": "id, summary, status, priority, product, component, assigned_to, depends_on, whiteboard",
       "order": "status, assigned_to"
   }

</disabled-bugzilla>

Fingerprinting Breakage

<disabled-bugzilla> 

   {
       "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"],
       "whiteboard":["fingerprinting-breakage"],
       "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard",
       "order": "status, assigned_to"
   }

</disabled-bugzilla>

All Open Tagged Fingerprinting Bugs

<disabled-bugzilla> 

   {
       "status":["NEW", "ASSIGNED", "REOPENED"],
       "whiteboard":["fingerprinting"],
       "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard",
       "order": "status, assigned_to"
   }

</disabled-bugzilla>

Fingerprinting Resolved Bugs

<disabled-bugzilla> 

   {
       "blocks":"1329996",
       "status":["RESOLVED", "VERIFIED"], 
       "include_fields": "id, summary, priority, product, component, assigned_to, depends_on, whiteboard",
       "order": "assigned_to"
   }

</disabled-bugzilla>

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Fingerprinting&oldid=1184621"