Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fingerprinting Protections v2: Workers #11368

Closed
pes10k opened this issue Aug 21, 2020 · 7 comments · Fixed by brave/brave-core#6651
Closed

Fingerprinting Protections v2: Workers #11368

pes10k opened this issue Aug 21, 2020 · 7 comments · Fixed by brave/brave-core#6651
Assignees
@pilgrim-brave
Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality OS/Desktop privacy privacy-pod Feature work for the Privacy & Web Compatibility pod QA/No release-notes/exclude
Milestone
1.16.x - Release #1

Comments

@pes10k
Copy link
Contributor

pes10k commented Aug 21, 2020

This is a sub-issue of the larger fingerprint defense reorganization issue: #8787

Currently farbling protections are not applied in workers. Brave should apply farbling protections in workers.
@pes10k pes10k added privacy feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality privacy-pod Feature work for the Privacy & Web Compatibility pod OS/Desktop labels Aug 21, 2020
This was referenced Aug 21, 2020
Closed
Closed
@pilgrim-brave pilgrim-brave mentioned this issue Sep 15, 2020
Merged
32 tasks
@pilgrim-brave pilgrim-brave added this to the 1.16.x - Nightly milestone Sep 16, 2020
@abrahamjuliot
Copy link

abrahamjuliot commented Sep 17, 2020
edited
Loading

@pilgrim-brave
@pes10k
Hardware concurrency appears consistent in workers now. Per #9186, should this fix include [all] offscreen canvas rendering contexts? Webgl vendor and renderer are still exposed via workers. I presume shaders precisions and max constants are also exposed.

@pes10k
Copy link
Contributor Author

pes10k commented Sep 18, 2020

@abrahamjuliot thank you for the comment / catch. This is suprising, and is being into looked into now. Thanks for the help!

@pilgrim-brave pilgrim-brave mentioned this issue Sep 24, 2020
Closed
@LaurenWags
Copy link
Member

@pes10k @pilgrim-brave could you guys help out with the test plan for this one?

I thought maybe it would be to go to the QA pages @pes10k set up and confirm the "Worker" column but on a clean profile with below build not everything is acting as expected. Is this because the test plan should be different? or is there an issue here?

Brave 1.16.52 Chromium: 86.0.4240.68 (Official Build) dev (x86_64)
Revision ad72ee9aa8e15ed300df1238e76c7a8f4d686f97-refs/branch-heads/4240@{#1097}
OS macOS Version 10.14.6 (Build 18G3020)

standard shields

labeling as QA/Blocked until this is sorted.

@LaurenWags LaurenWags mentioned this issue Oct 5, 2020
Closed
@pes10k
Copy link
Contributor Author

pes10k commented Oct 6, 2020

I'm not seeing this on nightly currently (see below screenshot) so maybe this is just something that needs to be uplifted? (cc @pilgrim-brave )
Screen Shot 2020-10-05 at 8 25 25 PM

@LaurenWags
Copy link
Member

@pes10k what is your shield setting here? also it might be worth looking at both pages. I'm definitely seeing some inconsistencies/unexpected results. Please see below screenshots/notes. Once you get to review to confirm that the error is with FP code and not the testing page, I'm happy to log any follow up issues needed.

1.16.x

Standard shield setting for FP

11368 std both pages 1 16

For both pages, the Worker column for WebGL Drawing has a different value than the other columns. Since this WebGL Drawing is only in standard (per the Mode column), I expected the Worker value to match the other column values.

For both pages, the Worker column for Canvas has a different value than the other columns. Since Canvas is available in both standard and strict (per the Mode column), I expected the Worker value to match the other column values. **Additionally, note that the Worker value from the top page matches the This Page, Local Frame and Remote Frame values for the lower page. Seems odd, no?

Strict shield setting for FP

11368 strict both pages 1 16

For both pages, the Worker column for WebGL Drawing matches the other columns and is different between the two pages. Since this WebGL Drawing is only in standard (per the Mode column), I expected the values to be the same as when shields = standard. Am I misunderstanding this?

1.17.x

Standard shield setting for FP

11368 std both pages 1 17

For both pages, the Worker column for WebGL Drawing has a different value than the other columns. Since this WebGL Drawing is only in standard (per the Mode column), I expected the Worker value to match the other column values.

For top page (dev-pages.bravesoftware.com/farbling.html), the Worker column for Canvas has a different value than the other columns.
For the bottom page, (dev-pages.brave.software/farbling.html), the Worker column for Canvas is the same across all columns. Not sure why he two pages are acting differently?

Strict shield setting for FP

11368 strict both pages 1 17

For both pages, the Worker column for WebGL Drawing matches the other columns and is different between the two pages. Since this WebGL Drawing is only in standard (per the Mode column), I expected the values to be the same as when shields = standard. Am I misunderstanding this?

For top page (dev-pages.bravesoftware.com/farbling.html), the Worker column for Canvas has a different value than the other columns.
For the bottom page, (dev-pages.brave.software/farbling.html), the Worker column for Canvas is the same across all columns. Not sure why he two pages are acting differently?

Note - shield settings aren't pictured because they cover the table, however, if you look at WebGL Vendor and Render and User Agent you can see that they are behaving as expected for std/strict so I am positive that the shield settings are accurate, I just don't know why these two aren't working as expected.

@pes10k
Copy link
Contributor Author

pes10k commented Oct 8, 2020

Hmm, my shield settings are all default, and im on 1.17.17 Chromium: 86.0.4240.72 (Official Build) nightly (x86_64). I dont have a good explanation for this. I believe @pilgrim-brave is working on an issue related to this, but would be best if he can confirm.

Screen Shot 2020-10-07 at 8 10 50 PM

This was referenced Oct 12, 2020
Closed
Closed
@LaurenWags
Copy link
Member

@pes10k @rebron logged some follow up issues here since it seems like there's still some work to be done in this area. They are:

Going to mark this issue as QA/No and release-notes/exclude since it's not fully completed and testing should be done with the above logged issues. Please let me know if there are any objections to this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pilgrim-brave pilgrim-brave

Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality OS/Desktop privacy privacy-pod Feature work for the Privacy & Web Compatibility pod QA/No release-notes/exclude
Projects
None yet
Milestone
1.16.x - Release #1
Development

Successfully merging a pull request may close this issue.

Refactor BraveSessionCache as an ExecutionContext supplement brave/brave-core
4 participants
@pes10k @abrahamjuliot @LaurenWags @pilgrim-brave