[tbb-bugs] #16336 [Tor Browser]: Make sure the User Timing API does not provide a new high resolution timestamp
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 24 08:59:50 UTC 2015
#16336: Make sure the User Timing API does not provide a new high resolution
timestamp
-------------------------+-------------------------------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Browser | Keywords: ff38-esr, tbb-fingerprinting-time-
Resolution: | highres, tbb-pref, MikePerry201506
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Changes (by mikeperry):
* keywords: ff38-esr, tbb-fingerprinting-time-highres => ff38-esr, tbb-
fingerprinting-time-highres, tbb-pref, MikePerry201506
Comment:
In fact this is a DOMHighresTimeStamp. Units are milliseconds, but
resolution is at least microseconds (and even higher resolution for
Mozilla Firefox, depending on CPU model).
This API also allows content to store names for timers and timestamps (in
what scope? who knows.. the [http://www.w3.org/TR/2013/REC-user-
timing-20131212/#privacy-security privacy section of the W3C spec]
basically just takes a shit on any privacy concerns), complicates things
like #16110, and the API generally appears to be useless from a practical
point of view.
I say we disable it for now, and maybe even forever. The
dom.enable_user_timing pref does in fact seem to work.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16336#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list