PDF.js triggers canvas fingerprinting warning for some PDFs
I'm seeing the canvas fingerprinting warning for some PDFs served by PDF.js in the latest version of the Tor Browser Bundle (5.5.2). It appears that this only happens with image-heavy PDFs.
For example: https://www.aclu.org/foia-document/some-key-sso-cyber-milestone-dates-fall-2005.
It looks like this was fixed in legacy/trac#10570 (moved) for the Firefox-local version of PDF.js, but (perhaps intentionally) not for PDF.js if it's being served by the website.
We use the PDF.js provided via the "PDF" Drupal extension version "7.x-1.6" with PDF.js version "1.1.215".
Is this a bug in Tor Browser's canvas fingerprinting detection, or is what PDF.js is doing simply indistinguishable from a fingerprinting attempt?
I've also opened a ticket with the PDF.js team (https://github.com/mozilla/pdf.js/issues/7026).
Thanks!
Trac:
Username: xcolour