-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Browser leaks <canvas> fingerprint through iframes #12453
Comments
cc @pes10k |
This is already fixed :) brave/brave-core#6941 |
@pes10k I've downloaded and tried it with the (almost) latest, Version 1.18.30 Chromium: 87.0.4280.40 (Official Build) nightly (x86_64) version, but experienced the same issues. |
@frzsombor Ah, looks like there are still paths not covered. Thank you very much for the bug report. We'll get it sorted! |
@goodov @pes10k for the testplan here, is it:
That's what the original report says, just wanted to double-check 👍 |
For me, the last three test cases (blob Test, offscreen Test, offscreen Worker Test) are NOT the same as the other test cases above them in a fresh Chrome, but identical to each other. When I posted this issue I debugged the code of the website and I found that this is not a problem but a normal behaviour, however can't remember the reason for the difference. The problem was that the hashes starting with 'cd475...' were the same as I saw (and still see) in an original Chrome. I think the goal should be that all the test cases should be different from the ones that someone sees in a Chrome browser and they should be identical to each other - except the last three, but those should also be identical to each other. I hope this makes sense and thanks for your work. |
Verified
to both
Steps:
Verification passed on
Details
Verification passed on
Ensured the hash is changed when shields are up |
Description
On Firefox, I am using a fingerprint blocking plugin called CanvasBlocker, which seems working pretty well. There is also a test page for that plugin. Using Firefox and the plugin, I always get "faked" fingerprint in all test cases, but it looks like Brave browser leaks the original fingerprint even in strict mode in some test cases. (I only checked the canvas tests)
Steps to Reproduce
Actual result:
Original (equal to Google Chrome) fingerprint gets displayed in some cases.
Expected result:
Same fake fingerprint in all test cases
Reproduces how often:
All the time
Brave version (brave://version info)
Brave | 1.16.68 Chromium: 86.0.4240.111
The text was updated successfully, but these errors were encountered: