robinlinden / hastur

A web browser.
BSD 2-Clause "Simplified" License
28 stars 9 forks

Randomization of fingerprintable APIs #947

Open Zer0-One opened 3 weeks ago

Zer0-One commented 3 weeks ago

Implement fingerprint randomization and protection.

https://brave.com/privacy-updates/3-fingerprint-randomization/
https://dl.acm.org/doi/abs/10.1145/2736277.2741090
https://inria.hal.science/hal-01527580/document

https://coveryourtracks.eff.org

robinlinden commented 3 weeks ago

Note that this requires implementing being fingerprinted first. :P (Looks like those links are focused on JS and APIs provided in JS that we haven't even started looking at.)

robinlinden commented 3 weeks ago

@Zer0-One can you maybe rewrite this issue to be more along the lines of what APIs are vulnerable to fingerprinting and to bear this in mind when implementing them? This issue makes it sound like JS fingerprinting is an issue in the engine when it's really a hypothetical future problem.

Zer0-One commented 3 weeks ago

It's a future problem. I'm just documenting it so we make it a priority later. It's not hypothetical, it's guaranteed to be an issue if we don't keep fingerprinting in mind while implementing stuff.

Here's a list of interfaces we should consider for such a feature:

robinlinden commented 3 weeks ago

I am not saying we shouldn't bear fingerprinting in mind when implementing things. I'm saying it's a hypothetical future problem because it's not a real problem that exists in the browser right now. The only information that leaves the browser are the headers we send when making HTTP requests, and those are the same for every Hastur instance right now.

The only almost-there additional bit of information we have right now is that the light/dark theme media-query thing could be used to find out if the user has set their OS to a light or dark theme, but I think most privacy-focused browser setups require the user to opt into that following the system, so that's what I figured we'd do in a more privacy-focused setup.
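
As an added example (not code from the hastur project or from anyone in this thread), the script below puts numbers on the point above: it measures how many identifying bits the `prefers-color-scheme` media query would leak, in the surprisal metric that EFF's Cover Your Tracks reports, under "follow the OS theme", under the opt-in policy described, and under a fixed answer for every instance. The population of eight browser instances is constructed for illustration.

```javascript
// Added example, not hastur code. Bits of identifying information carried by
// an observed attribute value: log2(1 / P(value)), the metric Cover Your
// Tracks uses. The population below is constructed for illustration.

// Each entry: the OS theme a user runs and whether they opted in to letting
// the browser expose it. Constructed sample of eight browser instances.
const population = [
  { osTheme: "dark", optedIn: true },
  { osTheme: "dark", optedIn: false },
  { osTheme: "dark", optedIn: false },
  { osTheme: "dark", optedIn: false },
  { osTheme: "light", optedIn: true },
  { osTheme: "light", optedIn: false },
  { osTheme: "light", optedIn: false },
  { osTheme: "light", optedIn: false },
];

// What `matchMedia("(prefers-color-scheme: dark)").matches` would reflect.
// Policy 1: always follow the OS theme.
const followSystem = (i) => i.osTheme;
// Policy 2: the privacy-focused default from the thread; follow the OS theme
// only for users who opted in, everyone else reports "light".
const optInOnly = (i) => (i.optedIn ? i.osTheme : "light");
// Policy 3: the same answer for every instance, like the HTTP headers today.
const fixedLight = () => "light";

// Bits of identifying information one observed answer carries.
function surprisalBits(policy, pop, observed) {
  const matching = pop.filter((i) => policy(i) === observed).length;
  if (matching === 0) throw new Error(`"${observed}" never observed`);
  return Math.log2(pop.length / matching);
}

// Shannon entropy of the attribute: expected bits leaked per instance.
function entropyBits(policy, pop) {
  const counts = new Map();
  for (const i of pop) counts.set(policy(i), (counts.get(policy(i)) ?? 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / pop.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Expected bits leaked under each policy for the constructed population.
function report(pop = population) {
  return {
    followSystem: entropyBits(followSystem, pop), // 1 bit
    optInOnly: entropyBits(optInOnly, pop), // about 0.54 bits
    fixedLight: entropyBits(fixedLight, pop), // 0 bits
  };
}
```

Note that under the opt-in policy a "dark" answer is rare and therefore carries more bits for the few users who opted in, which is the trade-off such a default makes.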

robinlinden commented 3 weeks ago

@Zer0-One per discussion on IRC, is that title more along the lines of what you were going for? Sorry for the misunderstanding. 😅