fingerprinting screen coordinates

[arthuredelstein]

Description

Most browsers leak information about the user's display outside the content viewport, including screen width and height, the position of a browser window in the screen, and the difference between viewport and window dimensions. This information constitutes a fingerprinting vectors that is exposed to content JS and CSS. APIs that leak this information include:

window.screen object leaks information about the screen size:

• window.screen.width
• window.screen.height
• window.screen.availWidth
• window.screen.availHeight
• window.screen.availLeft
• window.screen.availTop
• window.screen.isExtended (leaks whether the user has multiple monitors)

Media queries also leak screen dimensions:

• device-width
• device-height

window properties leak absolute coordinates of the position and outer boundary of the browser window:

• window.screenX
• window.screenY
• window.outerWidth
• window.outerHeight

Pointing event screen coordinates (MouseEvent, TouchEvent, DragEvent, PointerEvent) can also be used to computed the window's position on the screen:

• event.screenX
• event.screenY

We want to hide this information from visited websites. The plan is to farble all of these APIs, meaning we spoof the values and also add a domain/session-keyed pseudorandom component to each of them.

We plan to enable the protection under standard (default) and aggressive fingerprinting modes, so that the user can disable them by lowering shields or setting "allow fingerprinting". In addition, we bind the protections to a flag so that they can be remotely disabled using griffin.

Steps to Reproduce

Visit https://arthuredelstein.github.io/tracking_demos/screen.html to see how screen size is revealed.

Actual result:

Example:

Also:

Desired result:

Content should not be given true information about screen dimensions or window position.

Reproduces how often:

Always

Brave version:

All versions

[arthuredelstein]

Re-opening because commit was reverted because of a crash.

[kjozwiak]

@brave/qa-team can probably use brave/brave-variations#362 (comment) as a template of what should be checked. However, remember that this is being enabled via Griffin so enabling the feature via brave://flags might not be necessary depending what channels have BraveScreenFingerprintingBlockerStudy enabled and what percentage. We also need to make sure that the above isn't enabled without Griffin.

[stephendonner]

Verification PASSED using

Brave	1.45.85 Chromium: 106.0.5249.91 (Official Build) beta (x86_64)
Revision	fa96d5f07b1177d1bf5009f647a5b8c629762157-refs/branch-heads/5249@{#707}
OS	macOS Version 11.7 (Build 20G817)

Case 1: 1st launch, no Griffin - PASSED

Steps:

1. installed 1.45.85
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
6. clicked on Generate fingerprints
7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
9. moved the mouse around and examined the tracked events

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

brave://version	dev-pages.brave.software/.../farbling.html	arthuredelstein.github.io/.../screen.html

Case 2: 2nd launch, Griffin-enabled study (50%) - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the 50%-chance case you get BraveScreenFingerprintingBlockerStudy:Enabled
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
15. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
16. moved the mouse around and examined the tracked coordinates

Confirmed the values for This Page were different from Local Frame and Remote Frame (which were both the same); the only four (4) trackable events were the mouseEvent.client(X/Y) coordinates

brave://version	dev-pages.brave.software/.../farbling.html	arthuredelstein.github.io/..../screen.html

Case 3: 2nd launch, default/no study (50%) - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the other 50%-chance case I got BraveScreenFingerprintingBlockerStudy:Default
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
15. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
16. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

brave://version	dev-pages.brave.software/.../farbling.html	arthuredelstein.github.io/..../screen.html

[MadhaviSeelam]

Verification PASSED using

Brave | 1.45.84 Chromium: 106.0.5249.91 (Official Build) beta (64-bit)
-- | --
Revision | fa96d5f07b1177d1bf5009f647a5b8c629762157-refs/branch-heads/5249@{#707}
OS | Windows 11 Version 21H2 (Build 22000.978)

Case 1: 1st launch, no Griffin - PASSED

Steps:

1. installed 1.45.85
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
6. clicked on Generate fingerprints
7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
9. moved the mouse around and examined the tracked events

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

step 3	step 5	step 8

Case 2: 2nd launch, Griffin-enabled study (50%) with Shields enabled- PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the 50%-chance case you get BraveScreenFingerprintingBlockerStudy:Enabled
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
17. moved the mouse around and examined the tracked coordinates

Confirmed the values for This Page were different from Local Frame and Remote Frame (which were both the same); the only four (4) trackable events were the mouseEvent.client(X/Y) coordinates

step 11-12	step 13	step 16

Case 3: 2nd launch, Griffin-enabled study (50%) with Shields disabled- PASSED

1. continued from Case 2
2. disable Shields in the Shields panel
3. reload the https://dev-pages.brave.software/fingerprinting/farbling.html
4. clicked on Generate fingerprints
5. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
6. moved the mouse around and examined the tracked coordinates

brave://version	shields down`	farbling.html	screen.html

Confirmed all values were the same; no farbling was applied

Case 4: 3rd launch, default/no study (50%) - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
12. opened brave://version
13. confirmed in the other 50%-chance case I got BraveScreenFingerprintingBlockerStudy:Default
14. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
15. clicked on Generate fingerprints
16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
17. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

step 11	step 13	step 15

---

Verification passed on

Brave	1.45.90 Chromium: 106.0.5249.103 (Official Build) beta (64-bit)
Revision	182570408a1f25ab2731ef5f283b918df9b9f956-refs/branch-heads/5249_91@{#6}
OS	Ubuntu 18.04 LTS

Case 1: 1st launch, no Griffin - PASSED

Steps:

1. installed 1.45.x
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
6. clicked on Generate fingerprints
7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
9. moved the mouse around and examined the tracked events

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

Case 2: 2nd launch, Griffin-enabled study (50%) with Shields enabled- PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the 50%-chance case you get BraveScreenFingerprintingBlockerStudy:Enabled
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
17. moved the mouse around and examined the tracked coordinates

Confirmed the values for This Page were different from Local Frame and Remote Frame (which were both the same); the only four (4) trackable events were the mouseEvent.client(X/Y) coordinates

Case 3: 2nd launch, Griffin-enabled study (50%) with Shields disabled- PASSED

1. continued from Case 2
2. disable Shields in the Shields panel
3. reload the https://dev-pages.brave.software/fingerprinting/farbling.html
4. clicked on Generate fingerprints
5. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
6. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

Case 4: 3rd launch, default/no study (50%) - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
12. opened brave://version
13. confirmed in the other 50%-chance case I got BraveScreenFingerprintingBlockerStudy:Default
14. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
15. clicked on Generate fingerprints
16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
17. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

[kjozwiak]

Because BraveScreenFingerprintingBlockerStudy hasn't been rolled out via the release channel, verification on Android was done by enabling brave://flags#brave-block-screen-fingerprinting to ensure the feature was working as expected.

Verification PASSED on Samsung S10+ running Android 12 using the following build(s):

Brave | 1.45.111 Chromium: 107.0.5304.62 (Official Build) (32-bit)
--- | ---
Revision | 1eec40d3a5764881c92085aaee66d25075c159aa-refs/branch-heads/5304@{#942}
OS | Android 12; Build/SP1A.210812.016

Case 1: BraveBlockScreenFingerprinting disabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
6. clicked on Generate fingerprints
7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html

Initial values before restarting the browser

Example	Example

Confirmed there was no farbling of the screen/window coordinates shown after the browser was restarted

Example	Example

Case 2: BraveBlockScreenFingerprinting enabled - Shields Enabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. enable brave://flags#brave-block-screen-fingerprinting via brave://flags
6. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
7. clicked on Generate fingerprints
8. note the This Page, Local Frame, and Remote Frame values for the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

7. load https://arthuredelstein.github.io/tracking_demos/screen.html and note the values being used
8. restart the browser and loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
9. note that the values should be different from the first time as Block Screen Fingerprinting has been enabled

Initial values before restarting the browser

Example	Example

Confirmed that the values are different due to FP farbling

Example	Example

Case 3: BraveBlockScreenFingerprinting enabled - Shields Disabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. enable brave://flags#brave-block-screen-fingerprinting via brave://flags
6. loaded https://dev-pages.brave.software/fingerprinting/farbling.html and disabled shields
7. clicked on Generate fingerprints
8. note the This Page, Local Frame, and Remote Frame values for the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

7. load https://arthuredelstein.github.io/tracking_demos/screen.html and note the values being used (disabled shields)
8. restart the browser and loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
9. note that the values should be the same due to Brave Shields being disabled on both websites
10. enable Brave Shields on both loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
11. note that the values should now be different as Brave Shields are enabled and FB farbling is occurring

Initial values before restarting the browser (Shields Disabled)

Example	Example

Confirmed there was no farbling of the screen/window coordinates shown after the browser was restarted

Example	Example

Confirmed that the values are different due to FP farbling (Shields Enabled)

Example	Example

---

Because BraveScreenFingerprintingBlockerStudy hasn't been rolled out via the release channel, verification on Android was done by enabling brave://flags#brave-block-screen-fingerprinting to ensure the feature was working as expected.

Verification PASSED on Samsung Tab S8 Ultra running Android 12 using the following build(s):

Brave | 1.45.111 Chromium: 107.0.5304.62 (Official Build) (32-bit)
--- | ---
Revision | 1eec40d3a5764881c92085aaee66d25075c159aa-refs/branch-heads/5304@{#942}
OS | Android 12; Build/SP2A.220305.013

Case 1: BraveBlockScreenFingerprinting disabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
6. clicked on Generate fingerprints
7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html

Initial values before restarting the browser

Example	Example

Confirmed there was no farbling of the screen/window coordinates shown after the browser was restarted

Example	Example

Case 2: BraveBlockScreenFingerprinting enabled - Shields Enabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. enable brave://flags#brave-block-screen-fingerprinting via brave://flags
6. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
7. clicked on Generate fingerprints
8. note the This Page, Local Frame, and Remote Frame values for the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

7. load https://arthuredelstein.github.io/tracking_demos/screen.html and note the values being used
8. restart the browser and loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
9. note that the values should be different from the first time as Block Screen Fingerprinting has been enabled

Initial values before restarting the browser

Example	Example

Confirmed that the values are different due to FP farbling

Example	Example

Case 3: BraveBlockScreenFingerprinting enabled - Shields Disabled - PASSED

1. installed 1.45.111 Chromium: 107.0.5304.62
2. launched Brave
3. opened brave://version
4. confirmed no Griffin studies listed
5. enable brave://flags#brave-block-screen-fingerprinting via brave://flags
6. loaded https://dev-pages.brave.software/fingerprinting/farbling.html and disabled shields
7. clicked on Generate fingerprints
8. note the This Page, Local Frame, and Remote Frame values for the following:

• Screen resolution
• Screen resolution media query
• Available screen resolution

7. load https://arthuredelstein.github.io/tracking_demos/screen.html and note the values being used (disabled shields)
8. restart the browser and loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
9. note that the values should be the same due to Brave Shields being disabled on both websites
10. enable Brave Shields on both loadhttps://dev-pages.brave.software/fingerprinting/farbling.html & https://arthuredelstein.github.io/tracking_demos/screen.html
11. note that the values should now be different as Brave Shields are enabled and FB farbling is occurring

Initial values before restarting the browser (Shields Disabled)

Example	Example

Confirmed there was no farbling of the screen/window coordinates shown after the browser was restarted

Example	Example

Confirmed that the values are different due to FP farbling (Shields Enabled)

Example	Example