Juiced-up canvas fingerprinting #32

Open
martinthomson opened this issue Sep 14, 2023 · 1 comment

Comments

@martinthomson

A video of an element provides more information to a fingerprinter than canvas snapshots. In addition to the usual font and graphic handling variations, the video will capture animation quirks.

This needs to be at least acknowledged. Browsers that restrict canvas read-back might want to apply similar protections here also, but it would be very much harder.

@eladalon1983
Contributor

eladalon1983 commented Sep 19, 2023

To gain access to the Element Capture API, an application must first gain "video-access" to the entire tab. By then, any font-based fingerprinting attack is trivial and unstoppable. (Please correct me if I'm wrong.)

It might be worth acknowledging this in the spec, but in that case, it's probably to be acknowledged in getDisplayMedia's and getViewportMedia's own specs, and not in downstream specs such as this one.
