Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #6253

Closed
Open
Opened Jun 28, 2012 by Mike Perry@mikeperry

Prompt before allowing HTML5 Canvas image extraction

The HTML5 canvas can be used for fingerprinting WebGL and font rendering as described in http://www.w2spconf.com/2012/papers/w2sp12-final4.pdf. The fingerprint technique hinges on the ability for JS to extract image/data urls from the canvas object and hash them and/or compute differences. There's some demonstration code that works for a specific (but currently unknown) ruby version here: https://github.com/kmowery/canvas-fingerprinting.

I think the least-effort defense for now is to simply prompt before image extraction, and to allow extraction permissions to be set on a url-bar domain basis if the user has opted to store browser state to disk.

Later, we can think about virtualizing this surface during extraction, but I don't think we'll need to do that unless every site in the world decides to make a lolcat captioning HTML5 widget.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#6253