Closed pes10k closed 1 year ago
@pes10k @pilgrim-brave could we please get a test plan for this one since it's labeled QA/Yes
?
Marking as QA/Blocked
until the above is sorted.
okie i'll add one now, hope to have it done by the all hands
@LaurenWags here ya go https://dev-pages.brave.software/fingerprinting/devices.html (the second test on the page)
Thanks for the quick assistance @pes10k!
Verification PASSED
using
Brave | 1.51.79 Chromium: 112.0.5615.49 (Official Build) beta (64-bit)
-- | --
Revision | bd2a7bcb881c11e8cfe3078709382934e3916914-refs/branch-heads/5615@{#936}
OS | Windows 11 Version 22H2 (Build 22621.1413)
PASSED
Shileds
Up in the Shields panelUnknown device from Via Labs., Inc.
and clicked connectUnknown device from Chicony Electronics Co. Ltd.
and clicked connectQuery previously connected devices
for the list of devices that are pairedSite 1: https://dev-pages.brave.software/fingerprinting/devices.html
ex | ex | ex | ex | ex |
---|---|---|---|---|
Site 2: https://dev-pages.bravesoftware.com/fingerprinting/devices.html
ex | ex | ex | ex |
---|---|---|---|
PASSED
Off
in the Shields Other site
for Disabled
Site 1: https://dev-pages.brave.software/fingerprinting/devices.html
ex | ex | ex |
---|---|---|
Site 2: https://dev-pages.bravesoftware.com/fingerprinting/devices.html ex | ex |
---|---|
This is an issue in the test, not the implementation. I'll fix the test but what your seeing reflects the feature working as expected. Please do not let this block the QA process
(btw, the test should be fixed now)
@pes10k: thanks for the fix on test site (figured that could be). However, I have a question on Disabled
scenario. Where would I disable them? I see Blocked
setting but NOT Disable brave://settings/content/siteDetails?site=https%3A%2F%2Fdev-pages.brave.software.
Is there a different place where I should be disabling?
ex | ex | ex |
---|---|---|
@MadhaviSeelam if you want to remove access for these devices to this site, I think the only open you have in the "reset permission" button (or to clear all site storage for the site).
But for the test, by disabled, i mean shields disabled, not the USB devices disabled
@pes10k thank you! Didn't test with Shields Down
but looked at Allow Finger printing
while Shields Up
. Wasn't sure that was the scenario to be tested. Now I see Allow Finger printing
and Shields Disabled
have same values.
Please review my verification notes if you don't mind.
That all looks good and correct and expected. Thanks!
Sorry - tried to find a USB device which has/emits a serial #, but out of the only 6 I've tried and found at home so far, none have 🤷♂️ - @LaurenWags mind trying?
Verified with
Brave | 1.51.87 Chromium: 112.0.5615.49 (Official Build) beta (x86_64)
-- | --
Revision | bd2a7bcb881c11e8cfe3078709382934e3916914-refs/branch-heads/5615@{#936}
OS | macOS Version 13.3.1 (Build 22E261)
Reproduced the issue using 1.50.114 on Release channel. Saw same serial number for webcam on both test sites listed below with default shield settings.
InProgress
Shields
Up in the Shields panelSite 1: https://dev-pages.brave.software/fingerprinting/devices.html Site 2: https://dev-pages.bravesoftware.com/fingerprinting/devices.html
Site 1 | Site 2 |
---|---|
PASSED
Off
for both Site 1Site 1 | Site 2 |
---|---|
Verification passed on
Brave | 1.51.107 Chromium: 113.0.5672.63 (Official Build) (64-bit) |
---|---|
Revision | 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912} |
OS | Ubuntu 18.04 LTS |
PASSED
PASSED
Verified on Google Pixel 6
and Galaxy Tab S8
using version(s):
Device/OS:
- Google Pixel 6 [oriole-user 13 TQ2A.230405.003.E1 release-keys]
- SM-X700 Galaxy Tab S8 [gts8wifixx-user 13 TP1A.220624.014 release-keys]
Brave build: 1.51.109 Chromium: 113.0.5672.63 (Official Build) (64-bit)
Currently sites can use WebUSB to try and get access to users USB devices. This is permission gated, so its a rare occurrence on the web, but must happen somewhere.
If you give a site access to a USB device, the site can learn the serial number for that USB device, which in some cases will be a fixed global identifier for your machine. We should probably remove, randomize or farble these serial numbers.