Skip to content
This repository has been archived by the owner. It is now read-only.

add CanvasRenderingContext2D.prototype.isPointInPath and 4 other meth… #11140

Merged
merged 1 commit into from Sep 26, 2017

Conversation

@pes10k
Copy link
Contributor

pes10k commented Sep 25, 2017

Fixes #10288

This change would block the following 5 methods (presented below, with brief motivation for each). Numbers for feature use / tracking use are taken from https://www.cs.uic.edu/%7Epsnyder/static/papers/Browser_Feature_Usage_on_the_Modern_Web.pdf

I've added a link to this paper in the FP part of the wiki, along with a description of the SVG related methods. I did not further discuss the canvas and WebGL related methods, since they're already mentioned.

CanvasRenderingContext2D.prototype.isPointInPath

  • Is used in popular live, popular fingerprinting code
  • Is infrequently used on the web (was observed on only 166 sites in the Alexa 10k)
  • Is frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 28 sites in the Alexa 10k, suggesting its used for tracking 83% of the time)

WebGLRenderingContext.prototype.getUniformLocation and WebGLRenderingContext.prototype.getAttribLocation

  • Are used in popular live, popular fingerprinting code, (here and here, for example)
  • Are infrequently used on the web (was observed on only 255 and 250 sites in the Alexa 10k, respectivly)
  • Are frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 44 and sites in the Alexa 10k, suggesting its used for tracking 82.75% and 82.4% of the time)
  • Non-obvious use case (e.x.: its not obvious to see why you'd need to query these parameters out of the context, if you'd already set them)

SVGPathElement.prototype.getTotalLength

  • Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
  • Very infrequently used on the web (observed on 140 of the Alexa 10k)
  • Very frequently associated with tracking (use goes down to only 2 sites, or a 98.57% reduction, in the presence of Ghostery)

SVGTextContentElement.prototype.getComputedTextLength

  • Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
  • Extremely associated with tracking (use goes from 1003 sites in the Alexa 10k, to 1, or a 99.9% reduction, in the presence of Ghostery)
…ods to fp-blocking
@codecov-io
Copy link

codecov-io commented Sep 25, 2017

Codecov Report

Merging #11140 into master will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11140      +/-   ##
==========================================
- Coverage   53.46%   53.41%   -0.05%     
==========================================
  Files         251      251              
  Lines       21771    21771              
  Branches     3407     3407              
==========================================
- Hits        11639    11630       -9     
- Misses      10132    10141       +9
Flag Coverage Δ
#unittest 53.41% <ø> (-0.05%) ⬇️
Impacted Files Coverage Δ
js/stores/appStoreRenderer.js 91.17% <0%> (-8.83%) ⬇️
app/renderer/components/reduxComponent.js 84.37% <0%> (-6.25%) ⬇️
js/stores/windowStore.js 27.45% <0%> (-0.31%) ⬇️
@diracdeltas diracdeltas self-requested a review Sep 26, 2017
@diracdeltas diracdeltas added this to the 0.21.x (Nightly Channel) milestone Sep 26, 2017
Copy link
Member

diracdeltas left a comment

lgtm! the proxy fingerprinting and device enumeration tests are failing but they also fail on master

@diracdeltas diracdeltas merged commit f49c1a6 into brave:master Sep 26, 2017
1 of 3 checks passed
1 of 3 checks passed
codecov/project 53.41% (-0.05%) compared to 87e2050
Details
continuous-integration/travis-ci/pr The Travis CI build failed
Details
codecov/patch Coverage not affected when comparing 87e2050...b54ff3e
Details
@luixxiul
Copy link
Contributor

luixxiul commented Sep 26, 2017

do we need QA on this?

@luixxiul luixxiul added the needs-info label Sep 26, 2017
@diracdeltas
Copy link
Member

diracdeltas commented Sep 26, 2017

do we need QA on this?

unless @snyderp has example sites that use these methods, nope

@bbondy bbondy modified the milestones: 0.21.x (Developer Channel), 0.20.x (Beta Channel) Oct 25, 2017
@diracdeltas
Copy link
Member

diracdeltas commented Nov 20, 2017

i'm going to lift this into 0.19.x hotfix 6 because it's unlikely to break anything and also it solves merge conflict with #11784

@diracdeltas diracdeltas modified the milestones: 0.20.x (Beta Channel), 0.19.x Hotfix 6 (Release channel) Nov 20, 2017
diracdeltas added a commit that referenced this pull request Nov 20, 2017
add CanvasRenderingContext2D.prototype.isPointInPath and 4 other meth…
@diracdeltas
Copy link
Member

diracdeltas commented Nov 20, 2017

0.19.x: 14ef118

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

8 participants
You can’t perform that action at this time.