Open arthuredelstein opened 6 years ago
an tiny initial list
universal tests
browser specific (meaning you mark the other browsers as a green -
)
We could list all RFP and Brave's standard/strict protections, and decide if they should be added, and how they can be tested. For example, RFP enforces prefers-color as light, so your browser would need to be set up as prefers dark in Tor Browser.
Since you know the browser being tested and the default Brave Shield protection, you could simply return protections such as audio as protected (it is randomized). I am not a fan of this approach here - but there is something to be said for leveraging known implementations to detect randomizing protections in the real world, i.e. in fingerprinting scripts
FYI: you can add css as well as matchMedia queries, by using JS to look up the pseudo value, but since only RFP does this and we already know it's covered, it seems a bit moot
I use this on TZP to detect screen spoofing and bypass it, but I use an upper and lower bound (ranges are too large when you factor in scaling and zoom etc to cover everything). If not bypassable due to range, I still know if the value is untrustworthy. But you don't have those issues to worry about, just add the values that cover your tests css - except you probably don't want to use _min_ (I use that as it shows a difference with hiDPI - i.e subpixels and rounds down for entropy) ```css @media (min-device-width:499px){#S:before{content:"";}} @media (min-device-width:500px){#S:before{content:"500";}} /* etc */ @media (min-device-width:2560px){#S:before{content:"2560";}} @media (min-device-width:2561px){#S:before{content:"";}} /* upper */ @media (min-device-height:499px){#S:after{content:"";}} /* lower */ @media (min-device-height:499px){#S:after{content:"";}} /* lower */ @media (min-device-height:500px){#S:after{content:" x 500";}} /* etc */ @media (min-device-height:2560px){#S:after{content:" x 2560";}} @media (min-device-height:2561px){#S:after{content:"";}} ``` html - `x` is my catchall, I use this to also check other css values such as colors, CSS4 items, etc ```html ``` js example ```js function getElementProp(id, prop, pseudo) { try { let item = window.getComputedStyle(document.querySelector(id), pseudo) item = item.getPropertyValue(prop) if (item == "none") {item = "x"} item = item.replace(/"/g,"") if (!isNaN(item * 1)) {item = item * 1} // numbers if (item == "") {item = "x"} // blanks return item } catch(e) { return "x" } } let w = getElementProp("#S","content",":before"), h - getElementProp("#S","content",":after"), console.log("screen as shown by css", w +" x "+ h) ```
Also write this into the repository, in JSON format.