fingerprinting protection should be done in C++ instead of js content script #12045
Comments
|
That how it is done on Android browser in C++. I think we can use most on it https://github.com/brave/browser-android-tabs/commit/c6fdea38de6f818346109e82c23308acb93cee01 |
|
Its also how the Tor folks do their Canvas fingerprint blocking (which, last I checked, is "prompt user with permission dialog whenever I have more experience with the Tor/Mozilla codebase at the moment, but I think it should not be too difficult to get something similar pushed into chromium/muon. I don't know where this is on the timeline for you all, but happy to help if outside help would be welcome |
|
If there are gaps in WebExtensions APIs, situations where extensions are unable to guarantee before-anything-else execution (such as parent frames being able to access child frames before child frame content scripts had a chance to do their thing), I think these are browser bugs to be fixed. If this is what it is, we should file crbug and/or Bugzilla@Mozilla issues. |
|
I agree completely. I'll open issues with both teams in the next 24 hours and post links here to follow up. |
|
Bugs below: Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1424176 |
|
assigning to @jumde for now |
|
Moving to 0.21.x |
|
@diracdeltas is this release blocking? |
|
non-blocking, it can be moved to one release later |
tildelowengrimm
added
the
fixed-with-brave-core
|
Closing in favor of brave/brave-browser#1017 |
|
Confirmed fixed with brave-core 😄 |
follow-up to #11784
as @snyderp showed above, blocking DOM methods in a JS content script is a flawed approach because there are sneaky ways to get references to the methods. it would be better to disable the DOM methods in chromium/muon.
the basic functionality in app/extensions/brave/content/scripts/blockCanvasFingerprinting.js should be migrated into Muon. basically if fingerprinting protection is enabled, then:
cc @bridiver
The text was updated successfully, but these errors were encountered: