Security/Fingerprinting
Cross-Origin Fingerprinting Unlinkability
The anti-fingerprinting project is part of the Tor Uplift project.
Its goal is to bring Firefox up to the same level of fingerprinting resistance as the Tor Browser.
Refer to the design and implementation document of the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
Technical Details
This page contains technical details about what we do in Resist Fingerprinting (RFP) mode. It is up to date as of March 7, 2018.
Terse List
- Complicated (see below)
  - Canvas image extraction is blocked
  - Absolute Screen Coordinates are obscured
  - Window Dimensions are rounded to a multiple of 200x100, and a warning is shown when maximizing
  - We only allow specific system fonts to be used, and we ship them to the user using kinto
- Non-Trivial (see below)
  - The performance API is mostly disabled
  - Time Precision is reduced to 100ms, with up to 100ms of jitter
  - mozAddonManager may be blocked bug 1384330
  - Media Devices are spoofed bug 1372073
  - WebGL is limited bug 1217290
  - The Keyboard Layout is spoofed
  - The Locale is spoofed to en-US
  - The Date Input Field and Date Picker Panel are spoofed to en-US bug 1492587
  - If you customize the preferred language list (Accept-Language), you will be warned bug 1039069
  - System Media Queries will never match bug 1479240
  - The Pointer Event is spoofed bug 1363508 and also pointerEvent.pointerid bug 1492766
- Trivial
  - The browser version is reported to be the most recent ESR version (but the OS is not spoofed)
  - Timezone is spoofed to 'UTC'
  - The gamepad API is disabled
  - All device sensors are disabled
  - The WebSpeech API is disabled
  - WEBGL_debug_renderer_info extension is disabled bug 1337157
  - navigator.hardwareConcurrency is spoofed to 2
  - Site-specific zoom is disabled bug 1369357
  - MediaError.message is restricted to a whitelist bug 1354633
  - The Network Information API reports an 'Unknown' connection type, and the ontypechange event is suppressed bug 1372072
  - The Media Statistics API will report calculated numbers not reflecting reality bug 1369309
  - Web Extensions are able to toggle privacy.resistFingerprinting
  - Geolocation is disabled bug 1372069 - but this will be reverted bug 1441295
  - screen.orientation.type is spoofed as 'landscape-primary' and screen.orientation.angle is spoofed to '0' bug 1281949 but also bug 1433815
  - navigator.plugins and navigator.mimeTypes are reported as empty bug 1281963 and bug 1324044
  - prefers-reduced-motion always returns false bug 1478158
  - AudioContext OutputLatency is spoofed bug 1564422
  - prefers-color-scheme always says light mode.
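Several of the values in the list above are directly observable from page script, so they can be checked after flipping privacy.resistFingerprinting. The following is an added example, not code from this page or from Firefox: `collectSnapshot`, `auditRfp`, `EXPECTED` and `SAMPLE_RFP` are hypothetical names, and the mapping from each list item to a DOM property is an assumption of the example.

```javascript
// Added example (not Mozilla code). Expected values come from the list above;
// which DOM property exposes each one is this example's assumption.
const EXPECTED = {
  hardwareConcurrency: 2,               // navigator.hardwareConcurrency
  language: 'en-US',                    // locale
  timeZone: 'UTC',
  timezoneOffset: 0,
  pluginCount: 0,                       // navigator.plugins
  mimeTypeCount: 0,                     // navigator.mimeTypes
  orientationType: 'landscape-primary',
  orientationAngle: 0,
  darkScheme: false,                    // prefers-color-scheme says light
  reducedMotion: false,                 // prefers-reduced-motion is false
};

// Run in a page or the web console: collectSnapshot(window).
function collectSnapshot(win) {
  const nav = win.navigator;
  const mq = (q) => win.matchMedia(q).matches;
  return {
    hardwareConcurrency: nav.hardwareConcurrency,
    language: nav.language,
    timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone,
    timezoneOffset: new Date().getTimezoneOffset(),
    pluginCount: nav.plugins.length,
    mimeTypeCount: nav.mimeTypes.length,
    orientationType: win.screen.orientation.type,
    orientationAngle: win.screen.orientation.angle,
    darkScheme: mq('(prefers-color-scheme: dark)'),
    reducedMotion: mq('(prefers-reduced-motion: reduce)'),
    innerWidth: win.innerWidth,
    innerHeight: win.innerHeight,
  };
}

// Returns one entry per value that differs from what RFP should report.
function auditRfp(snap) {
  const leaks = Object.entries(EXPECTED)
    .filter(([key, want]) => snap[key] !== want)
    .map(([key, want]) => ({ key, got: snap[key], want }));
  // Assumes the 200x100 rounding is visible as innerWidth/innerHeight.
  if (snap.innerWidth % 200 !== 0 || snap.innerHeight % 100 !== 0) {
    leaks.push({ key: 'windowSize', got: [snap.innerWidth, snap.innerHeight], want: '200x100 multiple' });
  }
  return leaks;
}

// Constructed sample: a snapshot that conforms to every value above.
const SAMPLE_RFP = { ...EXPECTED, innerWidth: 1000, innerHeight: 900 };
```

An empty result from `auditRfp(collectSnapshot(window))` means none of the checked values distinguishes the browser; a maximized window is expected to fail the size check, which is why the page notes a warning is shown when maximizing.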
Details
Canvas Fingerprinting Detection
Absolute Screen Coordinates
Window Dimensions
Fonts
TODO
Performance API
Most performance APIs are disabled, but not all of them. TODO more details.
Time Precision Reduction
TODO more details
- animation API - bug 1382545
mozAddonManager
window.navigator.mozAddonManager is only exposed to addons.mozilla.org (AMO). In Resist Fingerprinting mode, we keep it exposed; however, if the additional preference 'privacy.resistFingerprinting.block_mozAddonManager' is true, it is not exposed to AMO.
Media Devices
When RFP is enabled, enumerateDevices reports that the user has one camera (named 'Internal Camera') and one microphone (named 'Internal Microphone'). The devicechange event is also suppressed.
WebGL
TODO
Keyboard Layout
bug 1222285, bug 1438795, bug 1409974, bug 1433592
Locale
bug 867501, bug 1330892, bug 1369330, bug 1409973
Accept-Languages
Project Schedule
- Complete the implementation of MVP in Firefox 57 (2017-09-20)
- This is being tracked by three milestones M1, M2, and M3
- Feature stabilization and refinement in Firefox 58 (2017-11-13)
- Perform integration test to identify regressions and Web compatibility issues
- Perform tests to verify the effectiveness of fingerprinting protection
- Fix regressions and any other issues
- Figure out the product strategy of Firefox to roll out this functionality
- Ship the feature in Firefox 59 (2018-01-15)
- Tor Browser will be using Firefox ESR 59
Bug Tracking
All fingerprinting bugs are being tracked under the meta bug:
bug 1329996 - [META] Support anti-fingerprinting protection
Priority Definition
- P1: MVP (Minimum Viable Product)
- P2: Nice to Have
- P3: Backlog
- Any bug which is marked as [fp:m1-3] in the Whiteboard is also MVP, regardless of its Priority
Whiteboard Definition
- [fingerprinting]: Indicate this is a fingerprinting bug
- [fp:m1]: Target milestone is M1 (2017-06-12 Firefox 55)
- [fp:m2]: Target milestone is M2 (2017-08-02 Firefox 56)
- [fp:m3]: Target milestone is M3 (2017-09-20 Firefox 57)
- [fp-backlog]: Backlog bugs
Dashboard
MVP: M1 Bugs List (2017-06-12 Firefox 55)
ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
---|---|---|---|---|---|---|---|
1345322 | Create the preference privacy.resistFingerprinting in firefox.js | RESOLVED | Firefox | Settings UI | Ethan Tseng [:ethan] | | [fingerprinting][tor][fp:m1] |
1360039 | Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true | RESOLVED | Core | DOM: Core & HTML | Chris Peterson [:cpeterson] | 1217238 | [tor 21675][fingerprinting][fp:m1] |
1217238 | Reduce precision of time exposed by Javascript (Tor 1517) | RESOLVED | Core | JavaScript: Standard Library | Jonathan Hao (inactive) [:jhao] | 1430975, 1437266, 1442863 | [fingerprinting][tor][fp:m1] |
1367313 | Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m1] [domsecurity-active] |
1330890 | Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] | RESOLVED | Core | General | Tom Ritter [:tjr] | 1382840, 1385597, 1409973 | [fingerprinting][tor 16622][fp:m1][fp-triaged] |
5 Total; 0 Open (0%); 5 Resolved (100%); 0 Verified (0%);
MVP: M2 Bugs List (2017-08-07 Firefox 56)
ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
---|---|---|---|---|---|---|---|
1330876 | use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] | RESOLVED | Core | Graphics: Color Management | Chung-Sheng Fu [:cfu] | | [fingerprinting] gfx-noted [tor][fp:m2] |
1337161 | Disable navigator.getGamepads() when privacy.resistFingerprinting = true | RESOLVED | Core | DOM: Device Interfaces | Chung-Sheng Fu [:cfu] | | [tor][fingerprinting][fp:m2] |
1369357 | Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true | VERIFIED | Firefox | General | Chung-Sheng Fu [:cfu] | 1377820 | [fingerprinting][tor][fp:m2] |
1369330 | Make javascript use English locale when 'privacy.resistFingerprinting' is true | RESOLVED | Core | JavaScript Engine | | | [fingerprinting][tor][fp:m2] |
1369327 | Making reader view users uniform when 'privacy.resistFingerprinting' is true | RESOLVED | Toolkit | Reader Mode | Jonathan Hao (inactive) [:jhao] | | [fingerprinting][tor][fp:m2] |
1333641 | Disable WebSpeech API when privacy.resistFingerprinting is enabled | RESOLVED | Core | Web Speech | Tim Huang[:timhuang] | | [tor][fingerprinting][fp:m2] |
1333651 | Spoofing Navigator API when resisting fingerprinting is enabled | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | 1337161, 1369303 | [tor][fingerprinting][domsecurity-backlog1][fp:m2] |
1369303 | Spoof/Disable performance API when 'privacy.resistFingerprinting' is true | VERIFIED | Core | DOM: Core & HTML | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m2] |
1369309 | Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true | VERIFIED | Core | Security | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m2] |
1369319 | Disable device sensors when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Device Interfaces | Tim Huang[:timhuang] | 1390391 | [fingerprinting][tor][fp:m2] |
1369328 | Open popup windows in new tabs when 'privacy.resistFingerprinting' = true | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m2][domsecurity-active] |
1372069 | Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Geolocation | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m2] |
1372072 | Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true | RESOLVED | Core | DOM: Core & HTML | Tim Huang[:timhuang] | | [fingerprinting][tor][fp:m2] |
13 Total; 0 Open (0%); 10 Resolved (76.92%); 3 Verified (23.08%);
MVP: M3 Bugs List (2017-09-25 Firefox 57)
ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
---|---|---|---|---|---|---|---|
1383495 | Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled | RESOLVED | Core | DOM: Security | Ethan Tseng [:ethan] | 1472618 | [tor][fingerprinting][fp:m3][domsecurity-active] |
863246 | resource:// URIs leak information (Tor 8725) | VERIFIED | Core | Security | Chung-Sheng Fu [:cfu] | 1395286, 1395486, 1433715 | [tor][fingerprinting][fp:m3] |
967895 | Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) | RESOLVED | Core | Graphics: Canvas2D | Chung-Sheng Fu [:cfu] | 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 | [tor][fingerprinting][fp:m3][ux] |
1039069 | Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting | RESOLVED | Firefox | Settings UI | Chung-Sheng Fu [:cfu] | 1515001 | [tor][fingerprinting][fp:m3][ux] |
1217290 | Add fingerprinting resistance for WebGL (Tor 16005) | RESOLVED | Core | Graphics: CanvasWebGL | Chung-Sheng Fu [:cfu] | | [tor][tor-standalone][fingerprinting][fp:m3] |
1354633 | blank MediaError.message when resisting fingerprinting | RESOLVED | Core | Audio/Video: Playback | Chung-Sheng Fu [:cfu] | | [tor 21792][fingerprinting][fp:m3] |
1372073 | Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true | RESOLVED | Core | WebRTC: Audio/Video | Chung-Sheng Fu [:cfu] | | [fingerprinting][tor][fp:m3] |
1382499 | Touch API leaks absolute screen coordinates | RESOLVED | Core | DOM: Events | Chung-Sheng Fu [:cfu] | | [tor 10286][fingerprinting][fp:m3] |
1382533 | When resisting fingerprinting, don't expose local IP Addresses via mDNS | RESOLVED | Core | DOM: Core & HTML | Chung-Sheng Fu [:cfu] | | [tor 22165][fingerprinting][fp:m3] |
1382111 | UX improvement for permission prompt to allow extracting HTML5 Canvas data | VERIFIED | Toolkit Graveyard | Notifications and Alerts | Jacqueline Savory [:jsavory] UX | | [tor][fingerprinting][fp:m3][ux] |
1330892 | <isindex> leaks user locale | RESOLVED | Core | DOM: HTML Parser | | 1266495 | [fingerprinting][tor][fp:m3] |
1222285 | Keyboard layout is leaked by KeyboardEvent | RESOLVED | Core | DOM: UI Events & Focus Handling | Tim Huang[:timhuang] | 1439784, 1433592, 1438795, 1470828 | [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged] |
1382545 | Animation API exposes high-res time stamp | RESOLVED | Core | DOM: Animation | Tim Huang[:timhuang] | 1217238 | [tor 16337][fingerprinting][fp:m3] |
1384330 | Don't expose window.navigator.mozAddonManager data when privacy.resistFingerprinting=true | VERIFIED | Toolkit | Add-ons Manager | Tim Huang[:timhuang] | | [tor 21684][fingerprinting][fp:m3] |
14 Total; 0 Open (0%); 11 Resolved (78.57%); 3 Verified (21.43%);
MVP: Bugs To Be Triaged
The following bugs are MVP bugs that have not yet been assigned a priority.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Fingerprinting P2 Bugs List
<disabled-bugzilla>
{ "blocks":"1329996", "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"], "priority":["P2"], "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard", "order": "status, assigned_to" }
</disabled-bugzilla>
Fingerprinting P3-P5 Bugs List
<disabled-bugzilla>
{ "blocks":"1329996", "status":["NEW", "ASSIGNED", "REOPENED", "RESOLVED", "VERIFIED"], "priority":["P3", "P4", "P5", "--"], "include_fields": "id, summary, status, priority, product, component, assigned_to, depends_on, whiteboard", "order": "status, assigned_to" }
</disabled-bugzilla>
Fingerprinting Breakage
ID | Summary | Status | Product | Component | Assigned to | Depends on | Whiteboard |
---|---|---|---|---|---|---|---|
1433592 | Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled | VERIFIED | Core | DOM: UI Events & Focus Handling | Arthur Edelstein [:arthur] | | [fingerprinting-breakage][tor 17009] |
1409677 | WebGL fails to initialize when resistFingerprint is enabled | RESOLVED | Core | Graphics: CanvasWebGL | Daosheng Mu[:daoshengmu] | | [tor][fingerprinting-breakage][fp:backlog][gfx-noted] |
1408702 | Resist fingerprinting causes scrollbar glitch in Firefox 58 | RESOLVED | Core | Layout | Emilio Cobos Álvarez (:emilio) | | [tor][fingerprinting-breakage] |
1453916 | Fix canvas APIs in extension content scripts when resistFingerprinting is enabled | VERIFIED | Core | Graphics: Canvas2D | Tom S [:evilpie] | 1412961 | [fingerprinting][fingerprinting-breakage][gfx-noted] |
1364261 | Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true | RESOLVED | Core | Privacy: Anti-Tracking | | 1401440 | [tor][fingerprinting-breakage][fp-backlog][fp-triaged] |
1396322 | privacy.resist.fingerprinting breaks Tampermonkey | RESOLVED | WebExtensions | General | | | [fingerprinting-breakage] |
1405810 | Setting privacy.resistFingerprinting=true breaks cmd keyboard shortcuts for Google Docs on OSX | RESOLVED | Core | DOM: Security | | 1404608 | [domsecurity-backlog1][tor][fingerprinting-breakage][fp-triaged] |
1409809 | Constantly remind people about privacy.resistFingerprinting | RESOLVED | Firefox | Security | | | [fingerprinting-breakage] |
1436309 | resistFingerprinting prevents browser shortcuts to work in some pages | RESOLVED | Core | DOM: UI Events & Focus Handling | | | [fingerprinting-breakage] |
1438474 | resistFingerprinting breaks taking screenshots | RESOLVED | Core | Security | | | [fingerprinting-breakage] |
1452391 | PNG favicons show up as white square when privacy.resistFingerprinting is enabled | RESOLVED | Core | Graphics: Canvas2D | | | [fingerprinting-breakage] |
1466326 | privacy.resistFingerprinting set to true breaks Proxy Switcher and Manager | RESOLVED | Core | Graphics: Canvas2D | | | [fingerprinting-breakage] |
1412961 | Fix canvas APIs in extension documents when resistFingerprinting is enabled | RESOLVED | Core | Graphics: Canvas2D | Tim Nguyen :ntim | | [fingerprinting][fingerprinting-breakage] |
1404608 | Do not lie about Operating System when privacy.resistFingerprinting is true | RESOLVED | Core | DOM: Security | Tim Huang[:timhuang] | | [domsecurity-backlog3][fingerprinting-breakage] |
1447592 | Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false | RESOLVED | Firefox | Security | Tom Ritter [:tjr] | | [fingerprinting-breakage] |
15 Total; 0 Open (0%); 13 Resolved (86.67%); 2 Verified (13.33%);
All Open Tagged Fingerprinting Bugs
<disabled-bugzilla>
{ "status":["NEW", "ASSIGNED", "REOPENED"], "whiteboard":["fingerprinting"], "include_fields": "id, summary, status, product, component, assigned_to, depends_on, whiteboard", "order": "status, assigned_to" }
</disabled-bugzilla>
Fingerprinting Resolved Bugs
<disabled-bugzilla>
{ "blocks":"1329996", "status":["RESOLVED", "VERIFIED"], "include_fields": "id, summary, priority, product, component, assigned_to, depends_on, whiteboard", "order": "assigned_to" }
</disabled-bugzilla>