Fingerprinting 2.0: WebGL2 #9189

Closed
pes10k opened this issue Apr 14, 2020 · 6 comments · Fixed by brave/brave-core#6819
Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality OS/Desktop privacy privacy-pod Feature work for the Privacy & Web Compatibility pod QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include

Comments

@pes10k
Contributor

pes10k commented Apr 14, 2020

This is a sub-issue of the larger fingerprint defense reorganization issue: #8787

Previous implementation blocked all WebGL-specific parameters, at max level only, and did nothing at default level.

New implementation:

At max level, block these WebGL2-specific parameters:

  • version
  • shading language version
  • read buffer binding
  • write buffer binding
  • framebuffer binding
  • max vertex uniform components
  • max vertex uniform blocks
  • max vertex output components
  • max varying components
  • max transform feedback interleaved components
  • max fragment uniform components
  • max fragment uniform blocks
  • max fragment input components
  • max uniform buffer bindings
  • max combined uniform blocks
  • max combined vertex uniform components
  • max combined fragment uniform components

At default level, farble these WebGL2-specific parameters:

  • max vertex uniform components
  • max vertex uniform blocks
  • max vertex output components
  • max varying components
  • max transform feedback interleaved components
  • max fragment uniform components
  • max fragment uniform blocks
  • max fragment input components
  • max uniform buffer bindings
  • max combined uniform blocks
  • max combined vertex uniform components
  • max combined fragment uniform components
@pes10k pes10k added privacy feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields privacy-pod Feature work for the Privacy & Web Compatibility pod labels Apr 14, 2020
@pes10k pes10k changed the title Fingerprint 2.0: WebGL2 Fingerprinting 2.0: WebGL2 Apr 30, 2020
@pilgrim-brave pilgrim-brave added this to the 1.17.x - Nightly milestone Oct 14, 2020
@pilgrim-brave pilgrim-brave added OS/Android Fixes related to Android browser functionality OS/Desktop QA/Yes release-notes/include labels Oct 21, 2020
@LaurenWags
Member

@pes10k @pilgrim-brave could one of you confirm the test plan? I don't see anything for WebGL2 on https://dev-pages.bravesoftware.com/farbling.html / https://dev-pages.brave.software/farbling.html. Is there something different we should do to check this one?

@pes10k
Contributor Author

pes10k commented Nov 4, 2020

Test plan is to review the "WebGL2 Params" row on https://dev-pages.brave.software/farbling.html and make sure they match on the same page, but differ across pages. CC @pilgrim-brave

@LaurenWags if that looks good to you, I think we're good to go!
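
Added example, not part of the original thread and not Brave's own code: a scripted form of the test plan above, reading the twelve parameters the issue lists as farbled at default level and checking that two reads on one page match while a read from another page differs. The constant names are real `WebGL2RenderingContext` constants; the function names are hypothetical.

```javascript
// Added illustration; function names are hypothetical. The strings below are
// real WebGL2RenderingContext constant names for the twelve parameters the
// issue lists as farbled at default level.
const FARBLED_WEBGL2_PARAMS = [
  "MAX_VERTEX_UNIFORM_COMPONENTS",
  "MAX_VERTEX_UNIFORM_BLOCKS",
  "MAX_VERTEX_OUTPUT_COMPONENTS",
  "MAX_VARYING_COMPONENTS",
  "MAX_TRANSFORM_FEEDBACK_INTERLEAVED_COMPONENTS",
  "MAX_FRAGMENT_UNIFORM_COMPONENTS",
  "MAX_FRAGMENT_UNIFORM_BLOCKS",
  "MAX_FRAGMENT_INPUT_COMPONENTS",
  "MAX_UNIFORM_BUFFER_BINDINGS",
  "MAX_COMBINED_UNIFORM_BLOCKS",
  "MAX_COMBINED_VERTEX_UNIFORM_COMPONENTS",
  "MAX_COMBINED_FRAGMENT_UNIFORM_COMPONENTS",
];

// Read every listed parameter from a WebGL2 context into a plain object.
function snapshotWebGL2Params(gl) {
  const snapshot = {};
  for (const name of FARBLED_WEBGL2_PARAMS) {
    snapshot[name] = gl.getParameter(gl[name]);
  }
  return snapshot;
}

// Names of the parameters whose values differ between two snapshots.
function differingParams(a, b) {
  return FARBLED_WEBGL2_PARAMS.filter((name) => a[name] !== b[name]);
}

// Apply the test plan: two reads on one page must match, and a read taken on
// a different page must differ in at least one parameter.
function checkTestPlan(samePageFirst, samePageSecond, otherPage) {
  const withinPage = differingParams(samePageFirst, samePageSecond);
  const acrossPages = differingParams(samePageFirst, otherPage);
  const stableWithinPage = withinPage.length === 0;
  const differsAcrossPages = acrossPages.length > 0;
  return { stableWithinPage, differsAcrossPages, acrossPages,
           pass: stableWithinPage && differsAcrossPages };
}

// In a browser, print this page's snapshot so it can be compared by hand.
if (typeof document !== "undefined") {
  const gl = document.createElement("canvas").getContext("webgl2");
  if (gl) console.log(JSON.stringify(snapshotWebGL2Params(gl), null, 2));
}
```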

@LaurenWags
Member

@pes10k thanks for getting that added! I do have a question about your setup on the test pages, looks like you've got 1.18 listed but this issue in 1.17.x:

[screenshot]

Can this issue be tested with 1.17.x or should I log a placeholder for it to be tested with 1.18.x?

@pes10k
Contributor Author

pes10k commented Nov 5, 2020

Ah, good point @LaurenWags, I tagged it as current nightly, not as the release when the code landed… d'oh. Fixed!

@LaurenWags
Member

LaurenWags commented Nov 6, 2020

Verified passed with

Brave | 1.17.62 Chromium: 86.0.4240.185 (Official Build) dev (x86_64)
-- | --
Revision | 37e6f852ed18086458552039ad26421aa9fc7acc-refs/branch-heads/4240@{#1377}
OS | macOS Version 10.14.6 (Build 18G6032)

Verified test plan from #9189 (comment). Note, confirmed with @pes10k that when FP=strict, WebGL2 values "should be the same over all domains, since we’re just blocking each request in strict mode (so the same value is just the “blocked” value)". As you will see in screenshots below, the "strict" value differs from "shields down" and "standard" values as expected.

Shields Down: [screenshot]
Fingerprinting = standard: [screenshot]
Fingerprinting = strict: [screenshot]

Verification passed on

Brave 1.17.62 Chromium: 86.0.4240.185 (Official Build) dev (64-bit)
Revision 37e6f852ed18086458552039ad26421aa9fc7acc-refs/branch-heads/4240@{#1377}
OS Windows 7 Service Pack 1 (Build 7601.24544)

Verified test plan from #9189 (comment).

Shields Down

image

Fingerprinting = standard

image

Fingerprinting = strict

image


Verification passed on

Brave 1.17.59 Chromium: 86.0.4240.183 (Official Build) dev (64-bit)
Revision 0b568b034b8f7994697cb341eeca5979b84151cc-refs/branch-heads/4240@{#1374}
OS Ubuntu 18.04 LTS

Verified test plan from #9189 (comment).

Shields Down
image image
Fingerprinting = standard
image image
Fingerprinting = strict
image image

@srirambv
Contributor

Verification passed on OnePlus 6T with Android 10 running 1.17.66 x64 build

Shields Down
dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
Fingerprinting Blocked(Standard)
https://dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
Fingerprinting Blocked(Strict)
https://dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image

Verification passed on Samsung Tab A with Android 10 running 1.17.66 x64 beta build

Shields Down
https://dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
Fingerprinting Blocked(Standard)
https://dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
Fingerprinting Blocked(Strict)
https://dev-page.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
