Fingerprinting 2.0: Plugins #9435
Labels
feature/shields/fingerprint
The fingerprinting (aka: "device recognition") protection provided in Shields
OS/Android
Fixes related to Android browser functionality
OS/Desktop
privacy
privacy-pod
Feature work for the Privacy & Web Compatibility pod
QA Pass - Android ARM
QA Pass - Android Tab
QA Pass-Linux
QA Pass-macOS
QA Pass-Win64
QA/Yes
release-notes/include
Milestone
Comments
pes10k
added
feature/shields/fingerprint
10 tasks
|
I don't see how the randomization of names could help. The issue is bigger than Brave - if the UA, rendering engine and other stuff already tell the world it's Chromium, plugin randomization would only make the user more distinct, because it is unlike any other Chromium. Another option could be emulating Firefox/Tor browser by simply keeping it an empty array, but again, that needs more precautions overall. |
|
https://brave.com/whats-brave-done-for-my-privacy-lately-episode3/ gives some background why randomization is superior to fixed response, when you can do it w/o breaking things |
32 tasks
This was referenced Jul 7, 2020
|
For QA, I've added a plugins test to https://dev-pages.brave.software/farbling.html |
bbondy
added
OS/Android
|
Verified passed with Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html Confirmed with shields up, FP values are the same for "Plugins" per page, but the values are different between the two pages aboveNote - logged #11278 as a follow-up for the Default Shields (FP = Standard): Modified Shields (FP = Strict): Confirmed with shields up, if you close and relaunch the browser, and visit the pages again the values for "Plugins" are different (they are not retained between sessions)See note about logged issue in above Default Shields (FP = Standard): Modified Shields (FP = Strict): Confirmed with shields down, FP values for "Plugins" are the same for each individual item on a given page and are the same for both pagesShields Down: Confirmed with shields down, if you close and relaunch the browser, and visit the pages again, the values for "Plugins: are the same (they are retained between sessions)Shields Down: Verification passed on
(FP = Strict):
(FP = Strict):
Verification passed on
Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html Confirmed with shields up, FP values are the same for "Plugins" per page, but the values are different between the two pages aboveEncountered #11278 Default Shields (FP = Standard): Modified Shields (FP = Strict): Confirmed with shields up, if you close and relaunch the browser, and visit the pages again the values for "Plugins" are different (they are not retained between sessions)See note about logged issue in above Default Shields (FP = Standard): Modified Shields (FP = Strict): Confirmed with shields down, FP values for "Plugins" are the same for each individual item on a given page and are the same for both pagesShields Down: Confirmed with shields down, if you close and relaunch the browser, and visit the pages again, the values for "Plugins: are the same (they are retained between sessions)Shields Down: |
|
Verification passed on OnePlus 6T with Android 10 running 1.13.81 x64 build Verified using Verified with shields up, FP values are same for "Plugins" on the same page but values are different on each page
Verified with shields up closing and relaunching the browser values for "Plugins" are not retained between sessions
Verified with shields down, FP values for "Plugins" are set to `00000000` as plugin list is empty
Verified with shields down, FP values for "Plugins" value of "00000000" is retained between sessions
Verification passed on Samsung Tab A with Android 10 running 1.13.81 x64 build Verified using Verified with shields up, FP values are same for "Plugins" on the same page but values are different on each page
Verified with shields up closing and relaunching the browser values for "Plugins" are not retained between sessions
Verified with shields down, FP values for "Plugins" are set to `00000000` as plugin list is empty
Verified with shields down, FP values for "Plugins" value of "00000000" is retained between sessions
|
This was referenced Sep 4, 2020
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Jan 29, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so there's no need for Brave to implement a
farbling mechanism for such array any more.
Thus, we can now remove all the code added to implement that and drop
a couple of patches to upstream's Chromium in the way too.
Main related issues in Brave's GitHub:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Feb 3, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 5, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Feb 5, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 10, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Feb 17, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Feb 19, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Feb 23, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 24, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 26, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 4, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 5, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Mar 8, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 10, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 10, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 12, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Mar 15, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Mar 23, 2021
Due to the removal of flash, navigator.plugins will always report an
empty array from now on, so Brave needs to adapt its farbling mechanism
to work like this depending on the selected behavior:
* "off": return the real navigators.plugins, that is, an empty array.
* "balanced" or "maximum": return 2 randomly generated fake plugins.
Additionally, we need to adapt the browser tests to account for this
new scenario, and test that indeed the expectation of navigator.plugins
returning an empty array stays true.
Issues in Brave's GitHub related to the implementation of this feature:
* Fingerprinting 2.0: Plugins
brave/brave-browser#9435
* Fingerprinting 2.0: Plugins (word replacement)
brave/brave-browser#10597
Chromium change:
https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
Author: Mason Freed <masonfreed@chromium.org>
Date: Wed Jan 20 18:50:56 2021 +0000
Empty out navigator.plugins and navigator.mimeTypes
With this CL, navigator.plugins and navigator.mimeTypes will
both return empty arrays.
With the removal of Flash, there is no longer the need to
return anything for navigator.plugins and navigator.mimeTypes.
These APIs were used primarily for a) probing for Flash player
support, or b) fingerprinting. As such, we'd like to return
empty for these two properties. Gecko already switched to
returning *only* Flash starting with Firefox 52, and returning
empty as of Firefox 85.
I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
Fixed: 1164635
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a sub-issue of the larger fingerprinting defense reorganization #8787
Plugins interfaces
NavigatorPlugins.pluginsnavigator.pluginsCurrently Brave reports two plugins, "Chrome PDF Plugin" and "Chrome PDF Viewer"
Word replacements:
Random plugin
(see https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/modules/plugins/dom_plugin.cc)
chrome/browser/spellchecker/spellcheck_hunspell_dictionary.hchrome/browser/spellchecker/spellcheck_hunspell_dictionary.hdefault protection:
max protection:
The text was updated successfully, but these errors were encountered: