Fingerprinting causing graphics issues on https://israelhiking.osm.org.il

ryanbr commented 3 years ago

Description

Graphic glitches due to fingerprinting on https://israelhiking.osm.org.il/poi/OSM/way_122664587?language=he

Steps to Reproduce

open https://israelhiking.osm.org.il/poi/OSM/way_122664587?language=he
When loaded, shows small graphic glitches on the map

Actual result:

Fingerprinting = Standard. israel-hiking-fingerprint-standard

Expected result:

Fingerprinting = Off. israel-hiking-fingerprint-off

Reproduces how often:

With default shields, easily. May need to zoom out/in on map.

Brave version (brave://version info)

Version 1.28.106 Chromium: 92.0.4515.159 (Official Build) (64-bit)

Version/Channel Information:

Can you reproduce this issue with the current release?
Can you reproduce this issue with the beta channel?
Can you reproduce this issue with the nightly channel?

Other Additional Information:

Does the issue resolve itself when disabling Brave Shields? Yes
Does the issue resolve itself when disabling Brave Rewards?
Is the issue reproducible on the latest version of Chrome?

Miscellaneous Information:

Reported https://community.brave.com/t/when-in-https-israelhiking-osm-org-il-there-are-some-weird-rectangles-on-the-screen-screenshot-attached/276864

cc: @pes10k

pes10k commented 3 years ago

Thank you for the bug report! What you're seeing is a side effect of our fingerprinting randomization protections. In the short term, you can work around this by disable fingerprinting protections on this page (i.e., "Allow all fingerprinting").

However, this is very surprising for two reasons: First, we only apply randomization when the site does canvas operations, and reads the canvas back into memory. This is an uncommon pattern on the Web, which is why you don't see these issues on, say, Google Maps. Thats not necessarily a bug or anything on this site, its just surprising and rare.

Second, its odd because Brave's randomization is very subtle, small changes to a few pixels, and not the large amounts of smudging / changing you see on this page. It again suggests that the site is doing something very odd and uncommon.

I'll talk with @pilgrim-brave who has done the vast majority of the hard work on Brave's fingerprinting defenses and see if there is something going sideways Brave-side, or if there is something we can do for this site that doesn't require reducing Brave's privacy protections.

But, TL;DR; disabling fingerprinting protections on this site will remove the smudges you're seeing, and we'll see if we can do something more broadly to help. Thanks!

quentincaffeino commented 2 years ago

Same issue with editing segments on this website: https://waveform.prototyping.bbc.co.uk/ (for more info see https://github.com/bbc/peaks.js/issues/412)

This photo editor is also broken if strict protection is enabled: https://www.photopea.com/, it does work on standard protection. Repro: 1. open any image, 2. whole editing area is white.

Edit: bbc/peaks.js uses konva for canvas rendering which also suffers from brave fingerprint protection: https://github.com/konvajs/konva/issues/1132

I think for me as a tech guy this isn't much of a problem also since now I know why it happens. But I feel like it might be useful to add some popup for a regular user. When canvas is detected on a page and user has enabled fingerpint protection show something like "this website uses canvas, fingerprint protection might break it". Because if konva is still usable, photopea becomes completely unusable and most users might just drop the browser because of that.

rookiemonkey commented 4 months ago

@pes10k I think what we can only do at the moment is tell the user (on UI) to at least allow fingeprinting but we need a way to detect whether shield is on or not. I've been looking for ways to do this but no luck.

brave / brave-browser