extract canvas data - firefox permissions #9605

Closed
dajohi opened this issue May 1, 2019 · 11 comments · Fixed by #9616


dajohi commented May 1, 2019

https://riot.im/app causes Firefox 66.0.2 to prompt for permission to allow 'extract canvas data'.

Do you know the cause?

@jryans jryans added the X-Needs-Info This issue is blocked awaiting information from the reporter label May 1, 2019
Collaborator

jryans commented May 1, 2019

Do you have privacy.resistFingerprinting set to true in about:config?

Do you see this prompt immediately on loading Riot?

Author

dajohi commented May 1, 2019

Yes to both questions.

Collaborator

jryans commented May 1, 2019

We do use a <canvas> and read data out of it when creating image thumbnails for uploading images and videos...

But I guess it's unlikely that happens on load. Do you see any error in the Console if you deny the permission?

Collaborator

jryans commented May 1, 2019

I am able to replicate the behaviour you mention by setting privacy.resistFingerprinting. I'm not quite sure what's triggering this on load. My first guess is some library is eagerly testing for canvas support by calling one of the blocked methods.

Unfortunately, there's no logging of what code triggered, so it may take some digging to find why this is happening. 😖

Anyway, it's certainly not intentional for this to happen on load.
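A way to find which script performs a canvas read-back when the browser does not log the caller, as an added example that is not part of the original thread or the project's code: wrap the read-back methods and record a stack trace on each call. The method list, `traceCanvasReads` and the stand-in classes in `demo` are assumptions made for illustration.

```javascript
// Canvas read-back methods to instrument (an assumed list chosen for this
// example, not taken from Firefox's implementation).
const READBACK_METHODS = {
  HTMLCanvasElement: ["toDataURL", "toBlob"],
  CanvasRenderingContext2D: ["getImageData"],
};

// Replace each read-back method on scope's prototypes with a wrapper that
// records which code called it, then delegates to the original.
function traceCanvasReads(scope, log = []) {
  for (const [ctorName, methods] of Object.entries(READBACK_METHODS)) {
    const proto = scope[ctorName] && scope[ctorName].prototype;
    if (!proto) continue;
    for (const name of methods) {
      const original = proto[name];
      if (typeof original !== "function") continue;
      proto[name] = function (...args) {
        // Capture the stack before delegating, so the caller is recorded
        // even if the underlying call is blocked or throws.
        log.push({ method: `${ctorName}.${name}`, stack: new Error().stack });
        return original.apply(this, args);
      };
    }
  }
  return log;
}

// Constructed stand-ins for the browser globals so the block runs under Node.
// In a page, call traceCanvasReads(window) before any other script loads.
function demo() {
  class HTMLCanvasElement {
    toDataURL() { return "data:,"; }
    toBlob(callback) { callback(null); }
  }
  class CanvasRenderingContext2D {
    getImageData() { return { data: [] }; }
  }
  const log = traceCanvasReads({ HTMLCanvasElement, CanvasRenderingContext2D });

  // Hypothetical library code that probes canvas support during page load.
  function eagerFeatureTest() {
    return new HTMLCanvasElement().toDataURL();
  }
  eagerFeatureTest();
  return log;
}
```

Each log entry's `stack` names the calling function and file, which is the information missing from the permission prompt.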

@jryans jryans added T-Defect defect Privacy and removed X-Needs-Info This issue is blocked awaiting information from the reporter labels May 1, 2019
@jryans jryans self-assigned this May 1, 2019
@jryans jryans added this to In Progress in Web App Team via automation May 1, 2019
Collaborator

jryans commented May 1, 2019

We're investigating the trigger, and I hope to have more details soon.

Collaborator

jryans commented May 1, 2019

This is being triggered by the favico.js library that we use to apply a badge to the favicon when notifications come in.

We could try to delay this at least until you are logged in, but it would likely still be surprising...

We'll have to think about the best way to proceed here.

Collaborator

jryans commented May 2, 2019

Firefox's existing logs weren't very helpful in diagnosing this issue, so I filed a Firefox bug with patches to improve this for the next person.

jryans added a commit that referenced this issue May 2, 2019
This avoids a canvas permission prompt from appearing on page load for users in
Firefox's resist fingerprinting mode. The prompt will still happen once you log
in and receive a notification, but at least this prevents it from happening
during the initial app experience.

Fixes #9605
@jryans jryans moved this from In Progress to In Review in Web App Team May 2, 2019
Collaborator

jryans commented May 2, 2019

#9616 will improve this so that the prompt doesn't appear until after logging in and receiving a notification. Unfortunately, I don't think Firefox gives the page any way to know that it's running in resist fingerprinting mode, so it's hard to do something better here.
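One way to get the behaviour described in this thread, where no canvas work happens until the first notification arrives, shown as an added example that is not the code from #9616: wrap the badge object in a lazy holder. `LazyFaviconBadge`, the factory and the read counters are hypothetical; the stand-in badge only assumes an object with `badge(count)` and `reset()` methods.

```javascript
// Defers construction of a canvas-backed favicon badge until there is a
// non-zero count to display.
class LazyFaviconBadge {
  constructor(createBadge) {
    // Factory for the real badge object; in a page this would construct the
    // favicon badging library's instance (assumption for this example).
    this._createBadge = createBadge;
    this._badge = null;
  }

  // Returns true if the underlying badge object was touched.
  update(count) {
    if (this._badge === null) {
      // Nothing has been drawn yet, so a zero count needs no canvas work.
      if (count <= 0) return false;
      this._badge = this._createBadge();
    }
    if (count > 0) this._badge.badge(count);
    else this._badge.reset();
    return true;
  }
}

// Constructed stand-in that counts canvas read-backs instead of drawing.
function makeFakeBadgeFactory(stats) {
  return () => {
    stats.created += 1;
    stats.canvasReads += 1; // read-back on construction (assumed behaviour)
    return {
      badge() { stats.canvasReads += 1; },
      reset() { stats.canvasReads += 1; },
    };
  };
}

// Replays a sequence of notification counts and reports the cumulative
// number of canvas reads after each update.
function simulateSession(counts) {
  const stats = { created: 0, canvasReads: 0 };
  const badge = new LazyFaviconBadge(makeFakeBadgeFactory(stats));
  const readsAfterEachUpdate = counts.map((count) => {
    badge.update(count);
    return stats.canvasReads;
  });
  return { stats, readsAfterEachUpdate };
}
```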

Web App Team automation moved this from In Review to In Test May 2, 2019
Author

dajohi commented May 2, 2019

Hey, thanks for spending the time tracking it down and improving it! 👍


karolyi commented Oct 13, 2022

I think this bug is back. I use LibreWolf, which has RFP enabled by default, and even with the "extract canvas data" permission enabled, I get uploaded image thumbnails like this:

image

su-ex added a commit to SchildiChat/element-web that referenced this issue Dec 6, 2022
Member

ara4n commented Jan 27, 2024

see also #10146
