Return constant result for navigator.mimeTypes and navigator.plugins #1549

jumde · 2018-10-12T01:26:14Z

Navigator.mimeTypes and Navigator.plugins increases fingerprinting risk. It is disabled in browser-laptop

See here: https://trac.torproject.org/projects/tor/ticket/17207

The text was updated successfully, but these errors were encountered:

bbondy · 2018-10-12T15:02:29Z

Getting away from putting things in specific milestones, so pls just assign a priority label based on work's importance and urgency.

jumde · 2018-10-22T19:34:01Z

Looks like I rushed on this one. We don't return constant result for mimeTypes and plugins in browser-laptop. This might cause web-compat issues.

May be we can put this behind the fingerprinting flag like firefox? cc: @tomlowenthal @diracdeltas

https://web.archive.org/web/20170204172033/https://bugzilla.mozilla.org/show_bug.cgi?id=1281963

diracdeltas · 2018-10-23T01:54:39Z

We do return empty (or at least are supposed to) in browser-laptop for plugins and mimeTypes until Flash is explicitly allowed. The purpose of this is to trigger HTML5 fallback on sites that would otherwise require Flash. We should try to copy that behavior here.

(Plugins and mimeTypes should always return empty in Tor windows though. cc @riastradh-brave )

jumde · 2018-10-23T06:40:27Z

Sounds good, I'll update the PR.

bbondy · 2018-11-30T15:39:28Z

The following tests are currently failing on Windows, could you check @jumde ?

   NavigatorPluginsTest.ConstMimeTypesWithFlash (../../brave/chromium_src/third_party/blink/renderer/modules/plugins/navigator_pluginstest.cc:112)
    NavigatorPluginsTest.ConstPluginsWithFlash (../../brave/chromium_src/third_party/blink/renderer/modules/plugins/navigator_pluginstest.cc:96)

jumde · 2018-11-30T16:33:57Z

Checking!

srirambv · 2019-01-02T11:34:50Z

Verification passed on

Brave	0.59.14 Chromium: 72.0.3626.28 (Official Build) beta(64-bit)
Revision	997b1040b63bac324e815797ba52be0cd8f616ed-refs/branch-heads/3626@{#461}
OS	Linux

Verified only non flash test steps for Linux

Verification passed on

Brave	0.59.14 Chromium: 72.0.3626.28 (Official Build) beta(64-bit)
Revision	997b1040b63bac324e815797ba52be0cd8f616ed-refs/branch-heads/3626@{#461}
OS	Windows 7

Used test plan from brave/brave-core#697

With flash on

With flash off

With flash on in tor:

Verified passed with

Brave	0.59.20 Chromium: 72.0.3626.28 (Official Build) beta(64-bit)
Revision	997b1040b63bac324e815797ba52be0cd8f616ed-refs/branch-heads/3626@{#461}
OS	Mac OS X

Flash not installed:

Flash installed and enabled:

Tor Window:

jumde added privacy feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields labels Oct 12, 2018

jumde added this to the 0.57.x milestone Oct 12, 2018

bbondy removed this from the 0.57.x milestone Oct 12, 2018

bbondy added the priority/P3 The next thing for us to work on. It'll ride the trains. label Oct 12, 2018

bbondy added this to the 1.x Backlog milestone Oct 16, 2018

jumde changed the title ~~Return constant result for Navigator.mimeTypes~~ Return constant result for navigator.mimeTypes and navigator.plugins Oct 18, 2018

jumde mentioned this issue Oct 18, 2018

Issue 1549: Return constant results for navigator.plugins and navigator.mimeTypes brave/brave-core#697

Merged

18 tasks

jumde self-assigned this Oct 18, 2018

jumde added QA/Yes QA/Test-Plan-Specified needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. labels Oct 18, 2018

tildelowengrimm added this to P3, P4, & P5 Backlog in Security & Privacy Oct 31, 2018

tildelowengrimm added priority/P4 Planned work. We expect to get to it "soon". and removed priority/P3 The next thing for us to work on. It'll ride the trains. needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. labels Oct 31, 2018

tildelowengrimm moved this from P3, P4, & P5 Backlog to In Progress in Security & Privacy Oct 31, 2018

tildelowengrimm added this to P3, P4, & P5 Backlog in Shields Nov 6, 2018

tildelowengrimm moved this from In Progress to Pending review in Security & Privacy Nov 14, 2018

jumde closed this as completed in brave/brave-core#697 Nov 21, 2018

Security & Privacy automation moved this from Pending review to Completed Nov 21, 2018

Shields automation moved this from Feature Backlog to Completed Nov 21, 2018

bbondy modified the milestones: 1.x Backlog, 0.59.x - Nightly Nov 29, 2018

bbondy added the release-notes/include label Dec 20, 2018

srirambv added the QA Pass-Linux label Jan 2, 2019

btlechowski added the QA Pass-Win64 label Jan 2, 2019

LaurenWags added the QA Pass-macOS label Jan 8, 2019

kjozwiak mentioned this issue Jan 31, 2019

Release notes for 0.59.x (Release Channel) #3173

Closed

tomayac mentioned this issue Jan 19, 2021

Removing plugins? whatwg/html#6003

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Return constant result for navigator.mimeTypes and navigator.plugins #1549

Return constant result for navigator.mimeTypes and navigator.plugins #1549

jumde commented Oct 12, 2018 •

edited

Loading

bbondy commented Oct 12, 2018

jumde commented Oct 22, 2018

diracdeltas commented Oct 23, 2018

jumde commented Oct 23, 2018

bbondy commented Nov 30, 2018

jumde commented Nov 30, 2018

srirambv commented Jan 2, 2019 •

edited by LaurenWags

Loading

Return constant result for navigator.mimeTypes and navigator.plugins #1549

Return constant result for navigator.mimeTypes and navigator.plugins #1549

Comments

jumde commented Oct 12, 2018 • edited Loading

bbondy commented Oct 12, 2018

jumde commented Oct 22, 2018

diracdeltas commented Oct 23, 2018

jumde commented Oct 23, 2018

bbondy commented Nov 30, 2018

jumde commented Nov 30, 2018

srirambv commented Jan 2, 2019 • edited by LaurenWags Loading

jumde commented Oct 12, 2018 •

edited

Loading

srirambv commented Jan 2, 2019 •

edited by LaurenWags

Loading