Disable WebAudio at Safer security level

At the moment, the only ARM64 fingerprinting vector known and implemented in TZP is WebAudio. There may or may not be others, but WebAudio is a known culprit right now.

ARM64 Linux is a very small bucket of TB/MB users. Such users can either obtain a highly outdated precompiled 13.0.9 version from SourceForge, or compile it themselves using NoisyCoil's work if they have an AMD64 machine or figure out setting cross: 0 for native compilation.

The few ARM64 Linux TB users face an awful choice:

  • Use TB 13, risk security vulnerabilities and stand out from the TB 14 crowd.
  • Disable WebAudio manually and stand out from the Linux TB 14 crowd.
  • Do nothing and stand out from the AMD64 Linux TB 14 crowd majority.
  • Be forced to use AMD64.

The ARM64 Linux crowd will grow after the official release, but it is still going to be a minority of Linux users, and it is worth trying to protect this minority from easy fingerprinting. Unlike WebAudio, ARM64 releases have not yet been enabled for TB 14. It's doubtful that WebAudio is going to benefit the majority of TB's target audience.

If the TB team insists on WebAudio, there is an easy compromise: disable it for the Safer security level. This security level already brings inconvenience to basic video/audio playback, which is obviously more beneficial to most users than WebAudio. There is no harm in additionally disabling a known fingerprinting vector.

The ultimate solution would be to make both architectures look the same via WebAudio, but this will require much more effort. An alternative solution would be reverting the decision to enable WebAudio for all TB users.
