add CanvasRenderingContext2D.prototype.isPointInPath and 4 other meth… #11140

Merged
merged 1 commit into from Sep 26, 2017

snyderp commented Sep 25, 2017

Fixes brave/browser-laptop#10288

This change would block the following 5 methods (presented below, with brief motivation for each). Numbers for feature use / tracking use are taken from https://www.cs.uic.edu/%7Epsnyder/static/papers/Browser_Feature_Usage_on_the_Modern_Web.pdf

I've added a link to this paper in the FP part of the wiki, along with a description of the SVG related methods. I did not further discuss the canvas and WebGL related methods, since they're already mentioned.

CanvasRenderingContext2D.prototype.isPointInPath

  • Is used in popular live, popular fingerprinting code
  • Is infrequently used on the web (was observed on only 166 sites in the Alexa 10k)
  • Is frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 28 sites in the Alexa 10k, suggesting it's used for tracking 83% of the time)

WebGLRenderingContext.prototype.getUniformLocation and WebGLRenderingContext.prototype.getAttribLocation

  • Are used in popular live, popular fingerprinting code, (here and here, for example)
  • Are infrequently used on the web (was observed on only 255 and 250 sites in the Alexa 10k, respectively)
  • Are frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 44 and sites in the Alexa 10k, suggesting it's used for tracking 82.75% and 82.4% of the time)
  • Non-obvious use case (e.g.: it's not obvious to see why you'd need to query these parameters out of the context, if you'd already set them)

SVGPathElement.prototype.getTotalLength

  • Anecdotally used in ways similar to canvas fingerprinting (font enumeration, getting subtle differences in rendering between platforms)
  • Very infrequently used on the web (observed on 140 of the Alexa 10k)
  • Very frequently associated with tracking (use goes down to only 2 sites, or a 98.57% reduction, in the presence of Ghostery)

SVGTextContentElement.prototype.getComputedTextLength

  • Anecdotally used in ways similar to canvas fingerprinting (font enumeration, getting subtle differences in rendering between platforms)
  • Extremely associated with tracking (use goes from 1003 sites in the Alexa 10k, to 1, or a 99.9% reduction, in the presence of Ghostery)
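
An added illustration, not part of this pull request and not Brave's code: one way to block the five methods listed above is to replace them on their prototypes with locked stubs that report each call. `blockFingerprintingMethods`, `makeFakeWindow` and the stand-in classes are hypothetical names, constructed so the sketch runs in Node without a DOM.

```javascript
// Method paths copied from the PR description above.
const BLOCKED_METHODS = [
  'CanvasRenderingContext2D.prototype.isPointInPath',
  'WebGLRenderingContext.prototype.getUniformLocation',
  'WebGLRenderingContext.prototype.getAttribLocation',
  'SVGPathElement.prototype.getTotalLength',
  'SVGTextContentElement.prototype.getComputedTextLength'
]

// Replace each listed method under `root` (window, in a page) with a stub that
// returns undefined and reports the call. Returns the paths actually patched.
function blockFingerprintingMethods (root, onBlocked) {
  const patched = []
  for (const path of BLOCKED_METHODS) {
    const parts = path.split('.')
    const name = parts.pop()
    // Walk e.g. root.SVGPathElement.prototype; tolerate absent interfaces.
    const owner = parts.reduce((obj, key) => (obj == null ? undefined : obj[key]), root)
    if (owner == null || typeof owner[name] !== 'function') continue
    const stub = function () { onBlocked(path); return undefined }
    // Preserve the original name and arity so simple feature checks still pass.
    Object.defineProperty(stub, 'name', { value: name })
    Object.defineProperty(stub, 'length', { value: owner[name].length })
    // Non-writable and non-configurable: page script cannot restore the method
    // by reassigning or redefining the prototype property.
    Object.defineProperty(owner, name, {
      value: stub, writable: false, configurable: false, enumerable: true
    })
    patched.push(path)
  }
  return patched
}

// Constructed stand-in for a page global (assumption: real pages expose these on window).
function makeFakeWindow () {
  class CanvasRenderingContext2D {
    isPointInPath (x, y) { return true }
    fillRect () { return 'drawn' } // not on the block list, must keep working
  }
  class WebGLRenderingContext {
    getUniformLocation (program, name) { return {} }
    getAttribLocation (program, name) { return 3 }
  }
  class SVGPathElement { getTotalLength () { return 123.456 } }
  // SVGTextContentElement is deliberately missing to exercise the skip path.
  return { CanvasRenderingContext2D, WebGLRenderingContext, SVGPathElement }
}
```

A patch of this kind only holds if it runs before any page script and in every frame, since each iframe has its own set of prototypes.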

codecov-io commented Sep 25, 2017

Codecov Report

Merging #11140 into master will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11140      +/-   ##
==========================================
- Coverage   53.46%   53.41%   -0.05%     
==========================================
  Files         251      251              
  Lines       21771    21771              
  Branches     3407     3407              
==========================================
- Hits        11639    11630       -9     
- Misses      10132    10141       +9
Flag Coverage Δ
#unittest 53.41% <ø> (-0.05%) ⬇️
Impacted Files Coverage Δ
js/stores/appStoreRenderer.js 91.17% <0%> (-8.83%) ⬇️
app/renderer/components/reduxComponent.js 84.37% <0%> (-6.25%) ⬇️
js/stores/windowStore.js 27.45% <0%> (-0.31%) ⬇️

@diracdeltas diracdeltas self-requested a review Sep 26, 2017

@diracdeltas diracdeltas added this to the 0.21.x (Nightly Channel) milestone Sep 26, 2017

@diracdeltas

lgtm! the proxy fingerprinting and device enumeration tests are failing but they also fail on master

@diracdeltas diracdeltas merged commit f49c1a6 into brave:master Sep 26, 2017

1 of 3 checks passed

codecov/project 53.41% (-0.05%) compared to 87e2050
continuous-integration/travis-ci/pr The Travis CI build failed
codecov/patch Coverage not affected when comparing 87e2050...b54ff3e

luixxiul commented Sep 26, 2017

do we need QA on this?

@luixxiul luixxiul added the needs-info label Sep 26, 2017

diracdeltas commented Sep 26, 2017

> do we need QA on this?

unless @snyderp has example sites that use these methods, nope

@bbondy bbondy modified the milestones: 0.21.x (Developer Channel), 0.20.x (Beta Channel) Oct 25, 2017

diracdeltas commented Nov 20, 2017

i'm going to lift this into 0.19.x hotfix 6 because it's unlikely to break anything and also it solves merge conflict with #11784

@diracdeltas diracdeltas modified the milestones: 0.20.x (Beta Channel), 0.19.x Hotfix 6 (Release channel) Nov 20, 2017

diracdeltas added a commit that referenced this pull request Nov 20, 2017

Merge pull request #11140 from snyderp/10288-block-more-fp-methods
add CanvasRenderingContext2D.prototype.isPointInPath and 4 other meth…

diracdeltas commented Nov 20, 2017

0.19.x: 14ef118
