Fingerprinting 2.0: Canvas

[pes10k]

This is a sub-issue of the larger font defense reorganization #8787

Serialization Endpoints

CanvasRendering2dContext.getImageData
HTMLCanvasElement.toDataURL
HTMLCanvasElement.toBlob
OffscreenCanvas.convertToBlob

default protection: farble output, by using eTLD+1 session seed and canvas contents to determine offsets into the canvas to flip randomly selected low order bits
max protection: Generate psuedo-random output (w/o regard to canvas contents), derived from the eTLD+1 session seed

[LaurenWags]

@pes10k assuming this one is also waiting on the same items mentioned in #8661 (comment) ?

cc @rebron @kjozwiak

[pes10k]

@LaurenWags yep! Let me ping #devops folks and see how far out https://github.com/brave/devops/issues/3067 is in their queue. If its way out, then i'll see if i can figure something else out on my own

[LaurenWags]

thanks @pes10k - marking as QA/Blocked until we're sorted!

[pes10k]

Hi @LaurenWags I've written up some manual tests for this here. I tried to write up some instructions here. Just let me know if its not clear or it'd be good to talk through.

Thanks to @bkero, i can add more tests easily as needed too, so just let me know how i can be helpful :)

[LaurenWags]

per discussion w/ @pes10k info is here: https://github.com/brave/devops/issues/3067#issuecomment-640949572

[LaurenWags]

Per discussions w/ @pes10k here's the test plan:
Using

• https://dev-pages.bravesoftware.com/farbling.html
• https://dev-pages.brave.software/farbling.html

Confirm that:

• with shields up, FP values are the same for each individual item (ex. WebGL Drawing) on a given page, but the values are different between the two pages above.
• with shields up, if you close and relaunch the browser, and visit the pages again the values are different (they are not retained between sessions).
• with shields down, FP values are the same for each individual item on a given page and are the same for both pages.
• with shields down, if you close and relaunch the browser, and visit the pages again, the values are the same (they are retained between sessions).

[srirambv]

Verification passed on

Brave	1.10.88 Chromium: 83.0.4103.97 (Official Build) (64-bit)
Revision	326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{# 657}
OS	Linux

Verified with shields up, FP values are the same for each individual item (ex. WebGL Drawing) on a given page.

URL 1	URL 2

Verified with shields up, close and relaunch the browser, and visit the pages again the values are different except for WebGL Drawing - Passed

• Canvas and WebAudio has different values between relaunches

URL 1	URL2

Verified with shields down, FP values for WebGL Drawing/Canvas/Web Audio are all the same on a given page and are the same for both pages.

URL 1	URL2

Verified with shields down, if you close and relaunch the browser, and visit the pages again, the values are the same (they are retained between sessions).

• No screenshots to show here
  

Verification passed on

Brave | 1.10.90 Chromium: 83.0.4103.97 (Official Build) (64-bit)
-- | --
Revision | 326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{#657}
OS | Windows 10 OS (Build 10240.17443)

• Verified the test plan from Fingerprinting 2.0: Canvas #9186 (comment)

• Verified with shields up, FP values are the same for each individual item (ex. WebGL Drawing) on a given page.
  https://dev-pages.bravesoftware.com/farbling.html
  
  https://dev-pages.brave.software/farbling.html
  

• Verified with shields up, close and relaunch the browser, and visit the pages again the values are different except for WebGL Drawing - Passed
  https://dev-pages.bravesoftware.com/farbling.html
  
  https://dev-pages.brave.software/farbling.html
  

• Verified with shields down, FP values for WebGL Drawing/Canvas/Web Audio are all the same on a given page and are the same for both pages. Logged [Desktop] Fingerprint values for Web audio is not the same on both pages with Shields down, follow up of #9186 #10260
  https://dev-pages.bravesoftware.com/farbling.html
  
  https://dev-pages.brave.software/farbling.html
  

• Verified with shields down, if you close and relaunch the browser, and visit the pages again, the values are the same (they are retained between sessions).

---

Verified passed with

Brave | 1.10.90 Chromium: 83.0.4103.97 (Official Build) (64-bit)
-- | --
Revision | 326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{#657}
OS | macOS Version 10.14.6 (Build 18G3020)

• Verified test plan from:
  • https://dev-pages.bravesoftware.com/farbling.html
  • https://dev-pages.bravesoftware.com/farbling.html

Shields up - initial launch:

Shields up - relaunch:

Shields down - initial launch:

Shields down - relaunch:

Encountered #10260 while testing