Open patmmccann opened 3 months ago
we should try and add some of the worst functions to the linting rules
Noted in committee, it can be hard to get off these lists
Hello ! On behalf of Teads, we are starting to look into this issue and we will keep you posted once we have more information
Thanks,
Hello, on Teads' side, these features are not used for fingerprinting at all. They are used exclusively to better calibrate our machine learning models for delivery, so the only knowledge we get from them is whether an ad will deliver better on a given type of environment (device memory, hardware concurrency ...). Is it mandatory to remove these features from our connector even if our use case does not fall into the category of fingerprinting? Thank you!
Hi, on Baidu's side, we've found that we did retrieve device memory, but we didn't use it for fingerprinting. We plan to submit a PR deprecating that code by next Wednesday.
@github-saad-elmahfoudi discussion is ongoing, there is no policy, we're just asking what the use is so far
Also, turns out my Mom was right, I am special: amiunique.com
One requirement from discussion: add a lot more functions to the codeql scanner. Add some documentation disclosures.
And notify code reviewers when a PR comes in for an adapter that has a score greater than x? 50? What sounds reasonable, @dgirardi?
weights from the OP, in order:
{
"KeyboardEvent.prototype.code": 0,
"TouchEvent.prototype.constructor": 0,
"CookieStore.prototype.getAll": 0.03,
"Animation.prototype.startTime": 0.35,
"CookieStore.prototype.set": 0.43,
"Document.prototype.interestCohort": 0.7,
"Event.prototype.timeStamp": 0.77,
"Navigator.prototype.userAgent": 1.44,
"Date.prototype.getTime": 1.73,
"Document.cookie getter": 1.96,
"CookieStore.prototype.get": 2.29,
"NavigatorUAData.prototype.getHighEntropyValues": 2.41,
"Document.cookie setter": 2.66,
"window.localStorage": 2.88,
"Navigator.prototype.javaEnabled": 3.15,
"Navigator.prototype.presentation": 3.29,
"window.sessionStorage": 4.36,
"Navigator.prototype.language": 4.66,
"HTMLMediaElement.prototype.canPlayType": 4.75,
"URL.createObjectURL": 4.95,
"window.name": 5.39,
"Navigator.prototype.product": 5.55,
"Navigator.prototype.vendor": 5.59,
"Screen.prototype.width": 5.66,
"Screen.prototype.height": 5.76,
"NavigatorUAData.prototype.platform": 6.09,
"PerformanceTiming.prototype.navigationStart": 6.16,
"NavigatorUAData.prototype.brands": 6.17,
"window.matchMedia(\"prefers-color-scheme\")": 6.31,
"Navigator.prototype.appVersion": 6.48,
"Navigator.prototype.plugins": 6.67,
"speechSynthesis.__proto__.getVoices": 6.74,
"Navigator.prototype.appName": 7.72,
"window.innerWidth": 7.95,
"BroadcastChannel.prototype.constructor": 8.05,
"Navigator.prototype.platform": 8.72,
"window.innerHeight": 8.83,
"Element.prototype.getClientRects": 8.89,
"Animation.prototype.currentTime": 9.5,
"console.memory": 9.69,
"Navigator.prototype.doNotTrack": 10.59,
"Performance.prototype.memory": 11.38,
"Navigator.prototype.requestMediaKeySystemAccess": 11.58,
"Navigator.prototype.languages": 11.67,
"Navigator.prototype.mimeTypes": 12.34,
"KeyboardEvent.prototype.keyCode": 12.81,
"Navigator.prototype.maxTouchPoints": 12.85,
"Notification.permission": 13.16,
"Navigator.prototype.cookieEnabled": 14.16,
"BarProp.prototype.visible": 14.5,
"document.fonts.check": 14.67,
"MediaSource.isTypeSupported": 14.91,
"Screen.prototype.colorDepth": 15,
"Navigator.prototype.connection": 15.09,
"Date.prototype.getTimezoneOffset": 15.51,
"window.indexedDB": 19.13,
"Intl.DateTimeFormat.prototype.resolvedOptions": 19.55,
"Navigator.prototype.onLine": 21.05,
"window.devicePixelRatio": 21.48,
"Navigator.prototype.webkitTemporaryStorage": 22.56,
"WebGLRenderingContext.prototype.getExtension": 27.99,
"WebGLRenderingContext.prototype.getParameter": 28.93,
"HTMLCanvasElement.prototype.toBlob": 30.48,
"Screen.prototype.orientation": 30.62,
"CanvasRenderingContext2D.prototype.getImageData": 31.78,
"RTCPeerConnection.prototype.constructor": 34.05,
"AudioWorkletNode.prototype.constructor": 34.17,
"CanvasRenderingContext2D.prototype.measureText": 39.1,
"Screen.prototype.pixelDepth": 39.87,
"Navigator.prototype.webdriver": 40.3,
"Navigator.prototype.getGamepads": 41.79,
"Navigator.prototype.permissions": 46.67,
"RTCPeerConnectionIceEvent.prototype.candidate": 48.29,
"HTMLCanvasElement.prototype.toDataURL": 56.69,
"Screen.prototype.availWidth": 57.48,
"Screen.prototype.availHeight": 65.65,
"SharedWorker.prototype.constructor": 77.09,
"Navigator.prototype.deviceMemory": 77.73,
"WebGL2RenderingContext.prototype.getShaderPrecisionFormat": 82.3,
"window.outerWidth": 93.81,
"WebGL2RenderingContext.prototype.getExtension": 97.73,
"Navigator.prototype.storage": 104.16,
"Sensor.prototype.start": 105.92,
"Navigator.prototype.getBattery": 110.74,
"WebGL2RenderingContext.prototype.getContextAttributes": 111.65,
"WebGL2RenderingContext.prototype.getParameter": 123.53,
"Navigator.prototype.appCodeName": 126.07,
"Navigator.prototype.hardwareConcurrency": 126.62,
"DeviceMotionEvent.prototype.rotationRate": 140.08,
"WebGL2RenderingContext.prototype.readPixels": 143.15,
"Navigator.prototype.mediaDevices": 143.39,
"Navigator.prototype.webkitPersistentStorage": 148.84,
"DeviceMotionEvent.prototype.acceleration": 154.46,
"window.screenX": 164.78,
"window.screenY": 170.69,
"window.outerHeight": 177.73,
"window.openDatabase": 184.71,
"window.screenLeft": 185.53,
"window.screenTop": 195.93,
"DeviceOrientationEvent.prototype.absolute": 243.44,
"Navigator.prototype.productSub": 244.99,
"MediaDevices.prototype.enumerateDevices": 295.05,
"Navigator.prototype.mediaCapabilities": 297.08,
"Screen.prototype.availLeft": 316.11,
"DeviceMotionEvent.prototype.accelerationIncludingGravity": 401.45,
"DeviceOrientationEvent.prototype.alpha": 491.03,
"WebGLRenderingContext.prototype.readPixels": 573.35,
"WebGLRenderingContext.prototype.getShaderPrecisionFormat": 577.23,
"Screen.prototype.availTop": 697.25,
"WebGL2RenderingContext.prototype.getSupportedExtensions": 708.95,
"AudioBuffer.prototype.getChannelData": 731.13,
"DeviceOrientationEvent.prototype.gamma": 854.41,
"OfflineAudioContext.prototype.constructor": 881.88,
"DeviceOrientationEvent.prototype.beta": 969.11,
"WebGLRenderingContext.prototype.getSupportedExtensions": 1531.25,
"Navigator.prototype.vendorSub": 2143.79,
"Navigator.prototype.keyboard": 2216.74,
"WebGLRenderingContext.prototype.getContextAttributes": 2533.19,
"CanvasRenderingContext2D.prototype.isPointInPath": 4450.94,
"Gyroscope.prototype.x": 4450.94,
"Gyroscope.prototype.y": 4450.94,
"Gyroscope.prototype.z": 4450.94,
"Gyroscope.prototype.constructor": 4450.94
}
"window.devicePixelRatio" (21.48) to me seems like the last "legitimate" api, but I don't know.
https://github.com/duckduckgo/tracker-radar/blob/main/build-data/generated/api_fingerprint_weights.json#L97 indicates which APIs are used for fingerprinting.
Prebid gets flagged as "3", which means it is definitely a fingerprinter: https://github.com/duckduckgo/tracker-radar/blob/main/docs/DATA_MODEL.md
These results are used by safari to identify trackers and prevent their calls in private mode https://webkit.org/blog/15697/private-browsing-2-0/
Should we ban these functions in use by Baidu and Teads? https://github.com/search?q=repo%3Aprebid%2FPrebid.js%20deviceMemory&type=code https://github.com/search?q=repo%3Aprebid%2FPrebid.js+hardwareconcurrency&type=code
The latter is useful for bot detection, I think? Teads and Baidu teams, could you elaborate on your use case?