window keys: creep vs tzp

[Thorin-Oakenpants]

@abrahamjuliot

something I noticed

• FF nightly: tzp-839 properties vs c-837
• opera: tzp-997 vs c-997
• chrome: tzp-1004 vs creep-1004

so it's a gecko thing (I thought it might be because the console is open, but alas that is not it). I tested older FFs

• FF60: tzp-769 (creep broken by webrtc)
• FF68 tzp-784 c-782 - same two items difference
• I stopped there

the gecko difference is always Performance and PerformanceNavigationTiming

I hate it when code doesn't replicate - who knows what else you could drop off (that adds entropy) or me pick up (that are not stable). I though we were the same. Why the difference?

Please explain yourself young man :)

[abrahamjuliot]

😁 Yes, Performance and PerformanceNavigationTiming are removed and the Event is moved to the end of the list.

As far as I know, this adds a bit of stability when the console is opened/closed or RFP is turned on/off, but I'm not sure if it adds much. On creep, this reduces the amount of unique window samples captured and lowers the count of loose fingerprint switching tracked. I have not tested this in older versions yet.

// if Firefox, remove the 'Event' key and push to end for consistent order
// and disregard keys known to be missing in RFP mode
if (isFirefox) {
    const keyMovedByInspect = 'Event'
    const keysMissingInRFP = ['PerformanceNavigationTiming', 'Performance']
    const index = keys.indexOf(keyMovedByInspect)
    if (index != -1) {
        keys = keys.slice(0, index).concat(keys.slice(index + 1))
        keys = [...keys, keyMovedByInspect]
    }
    keysMissingInRFP.forEach(key => {
        const index = keys.indexOf(key)
        if (index != -1) {
            keys = keys.slice(0, index).concat(keys.slice(index + 1))
        }
        return keys
    })
}

[Thorin-Oakenpants]

Ahh, BTW, I sort gecko results but not others - that takes care of the console being open for me (IDK about chrome, I thought that was covered)

Performance is not missing with RFP on (at least not in nightly) - no big deal, it was probably missing in earlier versions - probably changed when they tweaked performance entries - probably this one - https://bugzilla.mozilla.org/show_bug.cgi?id=1637985

Entropy wise, I'm happy to collect those two values, I mean it's entropy :)

[Thorin-Oakenpants]

actually, I do sort them for all engines - I just do some gecko stuff before sorting

I played with my code and did some debugging

snip - fucked that up

[Thorin-Oakenpants]

OK, so I fixed my debug code

snip - I think I fucked this up too - end snip

check - RFP drops PerformanceNavigationTiming

in gecko, Performance is always last. But if the console is open, the last item is Event. But if you select the Storage tab, even if you select then deselect it, it seems as if in FF95 at least, the last item now becomes Location (I didn't have that in my false positives, only in knownGood - I will patch that)

And I also have StyleSheetList as a false positive as well (I think its FF < 62 or something). So in gecko, I find Performance, ignore Event Location and StyleSheetList and anything after that is suspect (things extensions are playing with) and from the suspect list I remove knownGood = lets me catch the fake random items from chameleon, and the fake items from cydec

So I had it right - as long as Performance is always expected regardless of RFP. Now imma gonna test, thanks a bunch - to see if/when RFP affected Performance (it didn't in ESR78) and I rely on this, so it better not :)

[Thorin-Oakenpants]

OK, I'll finish testing later, but here we go

• am up to FF65 (but it FF62+ matches FF nightly, I think, see next post)
• I don't think android would have been any different
• the second set for console-y is when you have selected the storage tab at some stage

AFAICT, RFP doesn't affect Performance (so far) being at the end (or very near end)

note: TZP code ignores isFFLegacy (< v60) and doesn't attempt to find fake/suspect
e.g. FF52 ended in a whole heap of `CSS*` stuff

FF60-61
- RFP-n console-n: Node,Document,HTMLDocument,Performance
- RFP-y console-n: Node,Document,HTMLDocument,Performance
- RFP-n console-y: HTMLDocument,Performance,Event,StyleSheetList / Performance,Event,StyleSheetList,Location
- RFP-y console-y: HTMLDocument,Performance,Event,StyleSheetList / Performance,Event,StyleSheetList,Location

FF62+
- RFP-n console-n: Node,Document,HTMLDocument,Performance
- RFP-y console-n: Node,Document,HTMLDocument,Performance
- RFP-n console-y: Document,HTMLDocument,Performance,Event / HTMLDocument,Performance,Event,Location
- RFP-y console-y: Document,HTMLDocument,Performance,Event / HTMLDocument,Performance,Event,Location

[Thorin-Oakenpants]

I think I screwed up my earlier tests (since edited)

see this https://github.com/arkenfox/TZP/blob/88df9aaaa38e99f058fbee6c6e667be90a3aa0b7/js/misc.js#L75

and now see this - https://github.com/arkenfox/TZP/commit/88df9aaaa38e99f058fbee6c6e667be90a3aa0b7

i used to let allProps = props and even though it's an array, sorting either also sorts the other, but now I do this

• props.forEach(function(item) {allProps.push(item)}) and they're not entangled

I thought only objects had that fucked up quantum entanglement

[Thorin-Oakenpants]

https://github.com/arkenfox/TZP/blob/88df9aaaa38e99f058fbee6c6e667be90a3aa0b7/js/misc.js#L86

OK, tested 37 browsers, six tests each, new tab when switching to RFP on

• Performance is always last (or almost last if console open)
  • RFP doesn't affect this
• If console is open
• FF60-61: Event + StyleSheetList or Event + StyleSheetList + Location comes after Performance
• FF62+ Event or Event + Location comes after Performance

FF60-61
- RFP-any console-n: Node,Document,HTMLDocument,Performance
- RFP-any console-y: HTMLDocument,Performance,Event,StyleSheetList / Performance,Event,StyleSheetList,Location

FF62-88
- RFP-any console-n: Node,Document,HTMLDocument,Performance
- RFP-any console-y: Document,HTMLDocument,Performance,Event / HTMLDocument,Performance,Event,Location

FF89-96
- RFP-any console-n: HTMLDocument,EventCounts,Map,Performance
- RFP-any console-y: EventCounts,Map,Performance,Event / Map,Performance,Event,Location

my work here is done

[Thorin-Oakenpants]

PS: all the extra shit in TB is from NoScript - I tested them as well with and without NoScript extension enabled (ESR60, 68, 78, 91)

• I don't treat these as false positives, but as suspect (but knownGood)

https://github.com/arkenfox/TZP/blob/32ebe3e7e41d930fc480ff7a2d000d82805e121d/js/misc.js#L36-L39

...aaaaaaand .. now my work is done

[Thorin-Oakenpants]

noted for posterity

    // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41694
        // allowlist NS 11.4.20+ - i.e remove false positives
        // allow slider at safer
    aFilter = ["Element","Event","HTMLCanvasElement","HTMLElement","HTMLFrameElement",
        "HTMLIFrameElement","HTMLObjectElement","Location","MediaSource","Proxy","URL","webkitURL"
    ]

event and location are there because they can come after performance depending on the console being open and if various tabs have been used (I think it was storage or network adds Location) - so the five in the linked tor ticket are standard, the rest are added when on safer - FYI, time for some 💤