Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

farble across all channels, unpredictably #7793

Closed
wants to merge 1 commit into from
Closed

farble across all channels, unpredictably #7793

wants to merge 1 commit into from

Conversation

pes10k
Copy link
Contributor

@pes10k pes10k commented Feb 3, 2021
edited
Loading

Currently we choose a single channel, decided by the domain seed, and farble only that channel. This allows attackers to remove the randomness by:

  1. serializing an empty canvas
  2. seeing which channel is modified
  3. stripping that channel and using the other two channels to generate the fingerprint

This PR determines which channel to farble based on the random stream, so that a different channel is selected for each point we add noise.

Resolves brave/brave-browser#12069

Submitter Checklist:

  • There is a ticket for my issue.
  • Used Github auto-closing keywords in the commit message.
  • Wrote a good PR/commit description
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed).
  • Requested a security/privacy review as needed.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@pes10k pes10k requested a review from a team as a code owner February 3, 2021 00:05
@pes10k pes10k requested a review from pilgrim-brave February 3, 2021 00:05
@pes10k pes10k force-pushed the farble-across-all-canvas-channels branch 3 times, most recently from 9bf705d to bb8a8f3 Compare February 3, 2021 04:46
@pes10k pes10k force-pushed the farble-across-all-canvas-channels branch from 5b25dcf to b76237c Compare February 4, 2021 02:33
@pes10k pes10k mentioned this pull request Feb 4, 2021
Merged
23 tasks
@pes10k
Copy link
Contributor Author

pes10k commented Feb 4, 2021

im giving up trying to get this to build, trying again here: #7812

@pes10k pes10k closed this Feb 4, 2021
@pes10k pes10k deleted the farble-across-all-canvas-channels branch June 10, 2021 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pilgrim-brave pilgrim-brave Awaiting requested review from pilgrim-brave

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

When farbling canvas, farble across all channels
1 participant
@pes10k