searching for reviewer(arthuredelstein)
d48ee9ed6819: Bug 1492766 - Part 3: Update the test_pointer_event.html for test of pointer id spoofing r=masayuki,arthuredelstein
Tim Huang <tihuang@mozilla.com> - Wed, 14 Nov 2018 07:17:51 +0000 - rev 447190
Push 35071 by aiakab@mozilla.com at Tue, 20 Nov 2018 16:46:09 +0000
Bug 1492766 - Part 3: Update the test_pointer_event.html for test of pointer id spoofing r=masayuki,arthuredelstein This test add a check for pointer id to make sure it always reply the spoofed pointer id when resistfingerpritning is enabled. It also extend the original test of pointer capture events into a test which tests mouse and touch interfaces to make sure pointer capture events is correctly filed even with the spoofed interface id. In addition, it also adds test for that set/releasePointerCapture only accepts spoofed pointer id when fingerprinting resistance is enabled. Depends on D9532 Differential Revision: https://phabricator.services.mozilla.com/D9533
76017cad8320: Bug 1492766 - Part 2: Makes the set/releasePointerCapture working properly when fingerprinting resistance is enabled r=masayuki,arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Mon, 19 Nov 2018 16:36:14 +0000 - rev 447189
Push 35071 by aiakab@mozilla.com at Tue, 20 Nov 2018 16:46:09 +0000
Bug 1492766 - Part 2: Makes the set/releasePointerCapture working properly when fingerprinting resistance is enabled r=masayuki,arthuredelstein,smaug When fingerprinting resistance is enabled, content should only view the pointer capture events from the spoofed interface. In order to do so, first, we need to restrict content to only set or release pointer capture for only the spoofed pointer id. Second, we have to map other interfaces into the spoofed one for pointer capture events. Depends on D9531 Differential Revision: https://phabricator.services.mozilla.com/D9532
a575162d9f5b: Bug 1492766 - Part 1: Spoofing the pointer id of pointer events when resistfingerprinting is enabled r=masayuki,smaug,arthuredelstein
Tim Huang <tihuang@mozilla.com> - Tue, 20 Nov 2018 09:54:52 +0000 - rev 447188
Push 35071 by aiakab@mozilla.com at Tue, 20 Nov 2018 16:46:09 +0000
Bug 1492766 - Part 1: Spoofing the pointer id of pointer events when resistfingerprinting is enabled r=masayuki,smaug,arthuredelstein This patch makes it to spoof the pointer id into mouse pointer id when resistfingerprinting is enabled. And we will only spoof for content but not for chrome. Since we don't know the pointer id beforehand, we have to cache the pointer id of the mouse interface when it is activated. And use that pointer for the purpose of fingerprinting resistance. Differential Revision: https://phabricator.services.mozilla.com/D9531
0b4b3d826b3f: Bug 1492607 - Part 2: Add a test case for assuring postMessage cannot post across OAs r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Thu, 25 Oct 2018 06:47:18 +0000 - rev 443096
Push 34939 by nerli@mozilla.com at Fri, 26 Oct 2018 15:47:55 +0000
Bug 1492607 - Part 2: Add a test case for assuring postMessage cannot post across OAs r=arthuredelstein,baku This test case will turn on the first party isolation and try to open two tabs that the first tab is the opener of the second tab. It will test for different settings and making sure that postMessage cannot go across with the targetOrigin '*' for different FPDs when the pref 'privacy.firstparty.isolate.block_post_message' is enabled. Depends on D8521 Differential Revision: https://phabricator.services.mozilla.com/D8522
dfc3795ef568: Bug 1492607 - Part 1: Making postMessage to be aware of OAs when the targetOrigin is "*." r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Thu, 25 Oct 2018 06:47:08 +0000 - rev 443095
Push 34939 by nerli@mozilla.com at Fri, 26 Oct 2018 15:47:55 +0000
Bug 1492607 - Part 1: Making postMessage to be aware of OAs when the targetOrigin is "*." r=arthuredelstein,baku This patch adds a MOZ_DIAGNOSTIC_ASSERT for assuring the OAs are matching when the targetOrigin is "*" for the postMessage(). But it ignores the FPD in OA since the FPDs are possible to be different. We also add a new pref 'privacy.firstparty.isolate.block_post_message' for allowing blocking postMessage across different FPDs. Differential Revision: https://phabricator.services.mozilla.com/D8521
7741c70c8bce: Bug 1363508 - Part 4: Add a test case for testing pointer event spoofing when fingerprinting resistance is on r=arthuredelstein,masayuki
Tim Huang <tihuang@mozilla.com> - Wed, 10 Oct 2018 06:42:16 +0000 - rev 440525
Push 34824 by toros@mozilla.com at Wed, 10 Oct 2018 21:56:50 +0000
Bug 1363508 - Part 4: Add a test case for testing pointer event spoofing when fingerprinting resistance is on r=arthuredelstein,masayuki This patch add a mochitest which tests all pointer events to assure touch and pen pointer events will be spoofed into mouse pointer events. However, we are not able to test the suppressing of the non-primary pointer events since we cannot generate a pointer event with isPrimary as false so far. Depends on D6005 Differential Revision: https://phabricator.services.mozilla.com/D6006
d56cf859abf7: Bug 1363508 - Part 3: Spoofing navigator.maxTouchPoints into 0 if fingerprinting resistance is enabled r=arthuredelstein,masayuki,smaug
Tim Huang <tihuang@mozilla.com> - Tue, 09 Oct 2018 11:50:03 +0000 - rev 440524
Push 34824 by toros@mozilla.com at Wed, 10 Oct 2018 21:56:50 +0000
Bug 1363508 - Part 3: Spoofing navigator.maxTouchPoints into 0 if fingerprinting resistance is enabled r=arthuredelstein,masayuki,smaug The maxTouchPoints is going to review the detail of users' hardware. So, we will spoof it into 0 if fingerprinting resistance is on. Depends on D6004 Differential Revision: https://phabricator.services.mozilla.com/D6005
24afd8e04316: Bug 1363508 - Part 2: Suppressing the pointer events that have isPrimary as false for fingerprinting resistance r=arthuredelstein,masayuki
Tim Huang <tihuang@mozilla.com> - Tue, 09 Oct 2018 11:50:01 +0000 - rev 440523
Push 34824 by toros@mozilla.com at Wed, 10 Oct 2018 21:56:50 +0000
Bug 1363508 - Part 2: Suppressing the pointer events that have isPrimary as false for fingerprinting resistance r=arthuredelstein,masayuki Because of that the isPrimary of mouse pointer events will always be true. So, we suppress other events that have isPrimary as false when fingerprinting resistance is enabled. Depends on D6003 Differential Revision: https://phabricator.services.mozilla.com/D6004
3e9933f36e45: Bug 1363508 - Part 1: Spoofing pen/touch pointer events into mouse pointer events when fingerprinting resistance is on r=arthuredelstein,masayuki,smaug
Tim Huang <tihuang@mozilla.com> - Tue, 09 Oct 2018 11:55:43 +0000 - rev 440522
Push 34824 by toros@mozilla.com at Wed, 10 Oct 2018 21:56:50 +0000
Bug 1363508 - Part 1: Spoofing pen/touch pointer events into mouse pointer events when fingerprinting resistance is on r=arthuredelstein,masayuki,smaug The pointerType field in the pointer event will reveal the details of users' hardware; this is a fingerprinting vector. So, we would spoof all types of pointer events into mouse type pointer events for protecting users from browser fingerprinting when fingerprinting resistance is on. In this patch, we would spoof the pointerType as well as other fields that mouse pointer events don't support, like pressure, tiltX/Y and so on when fingerprinting resistance is on. Differential Revision: https://phabricator.services.mozilla.com/D6003
01f390f36d95: Bug 1473247 - Part 2: Add a test case for making sure that IP addresses can work properly for the firstPartyDomain. r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Fri, 13 Jul 2018 19:55:02 +0000 - rev 426771
Push 34285 by btara@mozilla.com at Mon, 16 Jul 2018 21:58:41 +0000
Bug 1473247 - Part 2: Add a test case for making sure that IP addresses can work properly for the firstPartyDomain. r=arthuredelstein,baku Differential Revision: https://phabricator.services.mozilla.com/D1978
03e45d7472a0: Bug 1473247 - Part 1: Fixing the issue that the IP addresses won't be set for first party domains. r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Fri, 13 Jul 2018 19:53:15 +0000 - rev 426770
Push 34285 by btara@mozilla.com at Mon, 16 Jul 2018 21:58:41 +0000
Bug 1473247 - Part 1: Fixing the issue that the IP addresses won't be set for first party domains. r=arthuredelstein,baku Right now, the firstPartyDomain won't be set when using IP addresses as first party domains. It is because of that the TLD service won't accept IP addresses as valid hosts. The patch fixes this problem by detecting that if the host is a IP address. If it is, we will still set the firstPartyDoamin with the IP address. Differential Revision: https://phabricator.services.mozilla.com/D1977
d83173f04756: Bug 1222285 - Part 3: Add test cases to check whether keyEvents been correctly spoofed and modifier keys been correctly suppressed. r=arthuredelstein,masayuki
Tim Huang <tihuang@mozilla.com> - Tue, 05 Sep 2017 16:01:02 +0800 - rev 399634
Push 33271 by toros@mozilla.com at Wed, 17 Jan 2018 21:46:52 +0000
Bug 1222285 - Part 3: Add test cases to check whether keyEvents been correctly spoofed and modifier keys been correctly suppressed. r=arthuredelstein,masayuki This patch adds two test cases which generates Keyboard events for English content and test whether the keyboard events been spoofed as US English QWERTY keyboard events. In addition, it also tests that whether the modifier keys been suppressed. MozReview-Commit-ID: d6uZxJJayk
b2f55468b241: Bug 1222285 - Part 2: Making the keyboard events of modifier keys been suppressed when 'privacy.resistFingerprinting' is true. r=arthuredelstein,masayuki
Tim Huang <tihuang@mozilla.com> - Thu, 31 Aug 2017 11:14:14 +0800 - rev 399633
Push 33271 by toros@mozilla.com at Wed, 17 Jan 2018 21:46:52 +0000
Bug 1222285 - Part 2: Making the keyboard events of modifier keys been suppressed when 'privacy.resistFingerprinting' is true. r=arthuredelstein,masayuki This patch makes 'Shift', 'Alt', 'Contorl' and 'AltGraph' been suppressed for content when fingerprinting resistance is enabled. Chrome can still get these events. The reason behind this is that websites can still observe key combinations to tell which keyboard layout is using even we spoof the keyboardEvent.code, keyboardEvent.keyCode and modifier states. For example, the AZERTY France keyboard, the digit keys of it requires the user press the Shift key. So, it is easy to differentiate AZERTY and QWERTY keyboard by observing whether a Shift key generates its own before the digit keys. There are similar issues for 'Alt' and 'AltGraph' as well. MozReview-Commit-ID: 3CwCgvey4lK
7140b4a3c47a: Bug 1222285 - Part 1: Spoofing the keyboard event to mimc a certain keyboard layout according to the content-language of the document when 'privacy.resistFingerprinting' is true. r=arthuredelstein,masayuki,smaug
Tim Huang <tihuang@mozilla.com> - Tue, 29 Aug 2017 11:33:27 +0800 - rev 399632
Push 33271 by toros@mozilla.com at Wed, 17 Jan 2018 21:46:52 +0000
Bug 1222285 - Part 1: Spoofing the keyboard event to mimc a certain keyboard layout according to the content-language of the document when 'privacy.resistFingerprinting' is true. r=arthuredelstein,masayuki,smaug This patch makes Firefox to spoof keyboardEvent.code, keyboardEvent.keycode and modifier states, for 'Shift', 'Alt', 'Control' and 'AltGraph', when 'privacy.resistFingerprinting' is true. Firefox will spoof keyboard events as a certain keyboard layout according to the content language of the document, for example, we use US English keyboard for English content. Right now, it only supports English contents, we will add more support for more languages later. The spoofing only affects content, chrome can still see real keyboard events. MozReview-Commit-ID: 40JPvwLmMMB
9c586454144b: Bug 1404608 - Reveal the real operating system when fingerprinting resistance is enabled. r=arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Tue, 12 Dec 2017 15:25:49 -0600 - rev 398586
Push 33224 by dluca@mozilla.com at Wed, 10 Jan 2018 21:59:28 +0000
Bug 1404608 - Reveal the real operating system when fingerprinting resistance is enabled. r=arthuredelstein,smaug This patch makes Firefox not to lie about the real operating system when pref 'privacy.resistFingerprinting' is true. This will also change the testcase as well. MozReview-Commit-ID: Gdnp2lMU3wr
4036881d8ab0: Bug 1039069 - Provide a popup about English for international users. r=arthuredelstein,mconley
Chung-Sheng Fu <cfu@mozilla.com> - Tue, 12 Sep 2017 17:32:07 +0800 - rev 394687
Push 33019 by btara@mozilla.com at Mon, 04 Dec 2017 20:16:32 +0000
Bug 1039069 - Provide a popup about English for international users. r=arthuredelstein,mconley MozReview-Commit-ID: IL8i4vzjWQd
4fce39a14630: Bug 1039069 - Provide a popup about English for international users. r=arthuredelstein,mconley
Chung-Sheng Fu <cfu@mozilla.com> - Tue, 12 Sep 2017 17:32:07 +0800 - rev 394472
Push 33006 by rgurzau@mozilla.com at Fri, 01 Dec 2017 10:52:03 +0000
Bug 1039069 - Provide a popup about English for international users. r=arthuredelstein,mconley MozReview-Commit-ID: IL8i4vzjWQd
3f811aa66cdb: Bug 1372073 - Add tests for Media Capture and Streams fingerprinting resistance. r=arthuredelstein,jib
Chung-Sheng Fu <cfu@mozilla.com> - Tue, 19 Sep 2017 15:12:52 +0800 - rev 391515
Push 32892 by ncsoregi@mozilla.com at Mon, 13 Nov 2017 22:56:04 +0000
Bug 1372073 - Add tests for Media Capture and Streams fingerprinting resistance. r=arthuredelstein,jib MozReview-Commit-ID: DY9JpwJevkS
e04a7ec9c152: Bug 1372073 - Spoof MediaStreamTrack. r=arthuredelstein,jib,smaug
Chung-Sheng Fu <cfu@mozilla.com> - Fri, 13 Oct 2017 11:57:25 +0800 - rev 391514
Push 32892 by ncsoregi@mozilla.com at Mon, 13 Nov 2017 22:56:04 +0000
Bug 1372073 - Spoof MediaStreamTrack. r=arthuredelstein,jib,smaug MozReview-Commit-ID: 71UOGrJ9cgm
2133a8484ef0: Bug 1372073 - Suppress devicechange event. r=arthuredelstein,mchiang
Chung-Sheng Fu <cfu@mozilla.com> - Tue, 19 Sep 2017 09:56:48 +0800 - rev 391513
Push 32892 by ncsoregi@mozilla.com at Mon, 13 Nov 2017 22:56:04 +0000
Bug 1372073 - Suppress devicechange event. r=arthuredelstein,mchiang MozReview-Commit-ID: JxxFbOMBQvY
f995ab0441e9: Bug 1372073 - Ignore constraints in getUserMedia. r=arthuredelstein,jib
Chung-Sheng Fu <cfu@mozilla.com> - Mon, 18 Sep 2017 17:51:51 +0800 - rev 391512
Push 32892 by ncsoregi@mozilla.com at Mon, 13 Nov 2017 22:56:04 +0000
Bug 1372073 - Ignore constraints in getUserMedia. r=arthuredelstein,jib MozReview-Commit-ID: KdA9abmg3UA
018f84af573b: Bug 1372073 - Spoof navigator.mediaDevices.enumerateDevices. r=arthuredelstein,jib,smaug
Chung-Sheng Fu <cfu@mozilla.com> - Mon, 18 Sep 2017 09:52:06 +0800 - rev 391511
Push 32892 by ncsoregi@mozilla.com at Mon, 13 Nov 2017 22:56:04 +0000
Bug 1372073 - Spoof navigator.mediaDevices.enumerateDevices. r=arthuredelstein,jib,smaug MozReview-Commit-ID: HubfB6M4UM0
786495fe83ad: Bug 1376973 - Part 2: Add test cases for making sure that favicons of allTabs popup menu is using correct originAttributes. r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Fri, 20 Oct 2017 09:19:58 +0800 - rev 387376
Push 32717 by archaeopteryx@coole-files.de at Fri, 20 Oct 2017 22:01:38 +0000
Bug 1376973 - Part 2: Add test cases for making sure that favicons of allTabs popup menu is using correct originAttributes. r=arthuredelstein,baku This patch adds test cases for testing favicons of allTabs menu in terms of originAttributes. It adds tests in existing tests, browser_favicon_userContextId.js and browser_favicon_firstParty.js. The test will open tabs with different originAttributes and trigger the popup of allTabs menu. Then it will verify that whether the network requests of favicon have correct originAttributes. MozReview-Commit-ID: 4Aa7RDFdosA
cb3d7a0ae189: Bug 1376973 - Part 1: Making the favicon of the allTabs menu obeys originAttributes and rename attribute 'iconLoadingPrincipal' to 'iconloadingprincipal'. r=arthuredelstein,dao
Tim Huang <tihuang@mozilla.com> - Fri, 20 Oct 2017 09:19:57 +0800 - rev 387375
Push 32717 by archaeopteryx@coole-files.de at Fri, 20 Oct 2017 22:01:38 +0000
Bug 1376973 - Part 1: Making the favicon of the allTabs menu obeys originAttributes and rename attribute 'iconLoadingPrincipal' to 'iconloadingprincipal'. r=arthuredelstein,dao MozReview-Commit-ID: AqjIr7xkXs9
c058687eb204: Bug 1376973 - Part 2: Add test cases for making sure that favicons of allTabs popup menu is using correct originAttributes. r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Tue, 17 Oct 2017 20:55:21 +0800 - rev 387230
Push 32716 by archaeopteryx@coole-files.de at Fri, 20 Oct 2017 09:38:32 +0000
Bug 1376973 - Part 2: Add test cases for making sure that favicons of allTabs popup menu is using correct originAttributes. r=arthuredelstein,baku This patch adds test cases for testing favicons of allTabs menu in terms of originAttributes. It adds tests in existing tests, browser_favicon_userContextId.js and browser_favicon_firstParty.js. The test will open tabs with different originAttributes and trigger the popup of allTabs menu. Then it will verify that whether the network requests of favicon have correct originAttributes. MozReview-Commit-ID: 4Aa7RDFdosA
0f393e8b236d: Bug 1376973 - Part 1: Making the favicon of the allTabs menu obeys originAttributes and rename attribute 'iconLoadingPrincipal' to 'iconloadingprincipal'. r=arthuredelstein,dao
Tim Huang <tihuang@mozilla.com> - Tue, 17 Oct 2017 20:55:20 +0800 - rev 387229
Push 32716 by archaeopteryx@coole-files.de at Fri, 20 Oct 2017 09:38:32 +0000
Bug 1376973 - Part 1: Making the favicon of the allTabs menu obeys originAttributes and rename attribute 'iconLoadingPrincipal' to 'iconloadingprincipal'. r=arthuredelstein,dao MozReview-Commit-ID: AqjIr7xkXs9
2189a968511e: Bug 1384330 - Part 2: Add a test case for testing that navigator.mozAddonManager is correctly blocked when pref 'privacy.resistFingerprinting.block_mozAddonManager' is true. r=arthuredelstein,mossop
Tim Huang <tihuang@mozilla.com> - Thu, 14 Sep 2017 16:49:33 +0800 - rev 381363
Push 32525 by archaeopteryx@coole-files.de at Sun, 17 Sep 2017 21:30:19 +0000
Bug 1384330 - Part 2: Add a test case for testing that navigator.mozAddonManager is correctly blocked when pref 'privacy.resistFingerprinting.block_mozAddonManager' is true. r=arthuredelstein,mossop The patch adds a test case which will first test with the pref off to see that navigator.mozAddonManager can be accessed successfully. And then turn the pref on to see that whether navigator.mozAddonManager is blocked. MozReview-Commit-ID: 3nptUqdg7p7
bb14bbb30c41: Bug 1384330 - Part 1: Blocking the mozAddonManager when pref 'privacy.resistFingerprinting.block_mozAddonManager' is true. r=arthuredelstein,mossop
Tim Huang <tihuang@mozilla.com> - Thu, 14 Sep 2017 15:11:21 +0800 - rev 381362
Push 32525 by archaeopteryx@coole-files.de at Sun, 17 Sep 2017 21:30:19 +0000
Bug 1384330 - Part 1: Blocking the mozAddonManager when pref 'privacy.resistFingerprinting.block_mozAddonManager' is true. r=arthuredelstein,mossop This patch adds a hidden pref 'privacy.resistFingerprinting.block_mozAddonManager', which is false by default. When this is true, the navigator.mozAddonManager will be blocked even the website is AMO. The purpose of this pref is for Tor browser can disable navigator.mozAddonManager through this. MozReview-Commit-ID: Lf37gHXETCz
aad2ab1d510c: Bug 1382533 - Disable Presentation API when privacy.resistFingerprinting = true r=arthuredelstein,smaug
Chung-Sheng Fu <cfu@mozilla.com> - Wed, 09 Aug 2017 17:38:30 +0800 - rev 379459
Push 32455 by archaeopteryx@coole-files.de at Thu, 07 Sep 2017 21:50:54 +0000
Bug 1382533 - Disable Presentation API when privacy.resistFingerprinting = true r=arthuredelstein,smaug MozReview-Commit-ID: IDKEqSqm9Ug
bdd7fa60afcf: Bug 1354633 - Add test cases r=arthuredelstein,jwwang
Chung-Sheng Fu <cfu@mozilla.com> - Thu, 17 Aug 2017 18:08:39 +0800 - rev 378308
Push 32428 by archaeopteryx@coole-files.de at Sat, 02 Sep 2017 08:52:28 +0000
Bug 1354633 - Add test cases r=arthuredelstein,jwwang MozReview-Commit-ID: 28FprGa4JEe
120bb4c9f8aa: Bug 1354633 - When privacy.resistFingerprinting = true, MediaError.message can only get whitelisted messages r=arthuredelstein,jwwang
Chung-Sheng Fu <cfu@mozilla.com> - Fri, 04 Aug 2017 18:46:26 +0800 - rev 378307
Push 32428 by archaeopteryx@coole-files.de at Sat, 02 Sep 2017 08:52:28 +0000
Bug 1354633 - When privacy.resistFingerprinting = true, MediaError.message can only get whitelisted messages r=arthuredelstein,jwwang MozReview-Commit-ID: mYBftzcZT5
84021c7d6b39: Bug 1354633 - Add test cases r=arthuredelstein,jwwang
Chung-Sheng Fu <cfu@mozilla.com> - Thu, 17 Aug 2017 18:08:39 +0800 - rev 378010
Push 32421 by archaeopteryx@coole-files.de at Fri, 01 Sep 2017 08:31:26 +0000
Bug 1354633 - Add test cases r=arthuredelstein,jwwang MozReview-Commit-ID: 28FprGa4JEe
8f7d662de266: Bug 1354633 - When privacy.resistFingerprinting = true, MediaError.message can only get whitelisted messages r=arthuredelstein,jwwang
Chung-Sheng Fu <cfu@mozilla.com> - Fri, 04 Aug 2017 18:46:26 +0800 - rev 378009
Push 32421 by archaeopteryx@coole-files.de at Fri, 01 Sep 2017 08:31:26 +0000
Bug 1354633 - When privacy.resistFingerprinting = true, MediaError.message can only get whitelisted messages r=arthuredelstein,jwwang MozReview-Commit-ID: mYBftzcZT5
ad3bc2177e89: Bug 1382545 - Part 2: Add a test case for making sure that Animation API doesn't expose a high resolution time when 'privacy.resistFingerprinting' is true. r=arthuredelstein,birtles
Tim Huang <tihuang@mozilla.com> - Fri, 18 Aug 2017 13:55:05 +0800 - rev 376952
Push 32397 by philringnalda@gmail.com at Sun, 27 Aug 2017 01:13:26 +0000
Bug 1382545 - Part 2: Add a test case for making sure that Animation API doesn't expose a high resolution time when 'privacy.resistFingerprinting' is true. r=arthuredelstein,birtles Adopt from Tor #16337 This patch adds a test case for testing that Animation API doesn't expose a high resolution time when 'privacy.resistFingerprinting' is true. The test case will play an animation and wait a certain amount of time, one second, and then verify the animation.startTime, animation.currentTime, animation.timeline.currentTime and document.timeline.currentTime are all rounded with 100ms. MozReview-Commit-ID: KiMYySYaQ7V
e2213726a3d3: Bug 1382545 - Part 1: Rounding the time of Animation API to 100ms when 'privacy.resistFingerprinting'is true. r=arthuredelstein,birtles
Tim Huang <tihuang@mozilla.com> - Thu, 17 Aug 2017 22:37:29 +0800 - rev 376951
Push 32397 by philringnalda@gmail.com at Sun, 27 Aug 2017 01:13:26 +0000
Bug 1382545 - Part 1: Rounding the time of Animation API to 100ms when 'privacy.resistFingerprinting'is true. r=arthuredelstein,birtles Adopt from Tor #16337. This patch makes Animation API to report a rounded time when 'privacy.resistFingerprinting' is true. The Animation API uses AnimationUtils::TimeDurationToDouble() to convert its time duration into a double value and reports it when someone tries to query time through Animation API. So, we use nsRFPService::ReduceTimePrecisionAsMSecs() inside this method to round the time in the scope of the millisecond. MozReview-Commit-ID: 8o01G6AlAu9
61d074cfdeaf: Bug 1217290 - Refactor WebGL max & min attribute constants for WebGL fingerprinting r=arthuredelstein,daoshengmu,jgilbert
Chung-Sheng Fu <cfu@mozilla.com> - Thu, 27 Jul 2017 15:49:46 +0800 - rev 376655
Push 32388 by ryanvm@gmail.com at Fri, 25 Aug 2017 00:20:24 +0000
Bug 1217290 - Refactor WebGL max & min attribute constants for WebGL fingerprinting r=arthuredelstein,daoshengmu,jgilbert MozReview-Commit-ID: 5fxOdV8euJ0
79d10d864775: Bug 1382499 - Add test cases r=arthuredelstein,smaug
Chung-Sheng Fu <cfu@mozilla.com> - Wed, 02 Aug 2017 14:04:34 +0800 - rev 374576
Push 32332 by kwierso@gmail.com at Tue, 15 Aug 2017 00:28:32 +0000
Bug 1382499 - Add test cases r=arthuredelstein,smaug MozReview-Commit-ID: 1aZVzVO9D6x
0175751964b5: Bug 1382499 - Enhance fingerprinting resistance for Touch API r=arthuredelstein,bz
Chung-Sheng Fu <cfu@mozilla.com> - Mon, 31 Jul 2017 17:30:38 +0800 - rev 374574
Push 32332 by kwierso@gmail.com at Tue, 15 Aug 2017 00:28:32 +0000
Bug 1382499 - Enhance fingerprinting resistance for Touch API r=arthuredelstein,bz MozReview-Commit-ID: 8nzOkvIvwrD
0ebb9924affa: Bug 1382499 - Add test cases r=arthuredelstein,smaug
Chung-Sheng Fu <cfu@mozilla.com> - Wed, 02 Aug 2017 14:04:34 +0800 - rev 374314
Push 32320 by archaeopteryx@coole-files.de at Sat, 12 Aug 2017 21:35:10 +0000
Bug 1382499 - Add test cases r=arthuredelstein,smaug MozReview-Commit-ID: 1aZVzVO9D6x
1dcdc22d4919: Bug 1382499 - Enhance fingerprinting resistance for Touch API r=arthuredelstein,bz
Chung-Sheng Fu <cfu@mozilla.com> - Mon, 31 Jul 2017 17:30:38 +0800 - rev 374312
Push 32320 by archaeopteryx@coole-files.de at Sat, 12 Aug 2017 21:35:10 +0000
Bug 1382499 - Enhance fingerprinting resistance for Touch API r=arthuredelstein,bz MozReview-Commit-ID: 8nzOkvIvwrD
45ec9d0af14b: Bug 1369309 - Part 4: Modify the test case 'test_video_stats_resistfingerprinting.html'. r=cpearce, r=arthuredelstein
Tim Huang <tihuang@mozilla.com> - Mon, 17 Jul 2017 17:30:08 +0800 - rev 374027
Push 32312 by archaeopteryx@coole-files.de at Fri, 11 Aug 2017 09:55:13 +0000
Bug 1369309 - Part 4: Modify the test case 'test_video_stats_resistfingerprinting.html'. r=cpearce, r=arthuredelstein This patch modifies the test case 'test_video_stats_resistfingerprinting.html' to check media statistics report spoofed values when fingerprinting resistance is enabled. This test will play a video and test the media statistics when the video is finished. It will make sure all media statistics report correct spoofed values corresponding to the play time of the video. MozReview-Commit-ID: GpYewu7cIbY
9afd71d7438c: Bug 1369309 - Part 3: Making the media statistics reports a spoofed value when fingerprinting resistance is enabled. r=cpearce, r=arthuredelstein
Tim Huang <tihuang@mozilla.com> - Mon, 17 Jul 2017 15:13:55 +0800 - rev 374026
Push 32312 by archaeopteryx@coole-files.de at Fri, 11 Aug 2017 09:55:13 +0000
Bug 1369309 - Part 3: Making the media statistics reports a spoofed value when fingerprinting resistance is enabled. r=cpearce, r=arthuredelstein This patch makes the media statistics report values with a fixed frames per second and a dynamic dropped ratio when resistance fingerprinting is enabled. The dropped rate is decided by the video resolution that it will report a fixed dropped rate when the video resolution is greater than 480p. And It will report a zero dropped rate if the video is below or equal to 480p. In addition, it adds three new prefs that allow us to change the value of frames per second, the dropped ratio and the threshold of target video resolution. The three prefs are 'privacy.resistFingerprinting.video_frames_per_sec', 'privacy.resistFingerprinting.video_dropped_ratio' and 'privacy.resistFingerprinting.target_video_res'. The default values of them are 30, 5 and 480, which means 30 frames per second, 5 percent dropped ratio and 480p. This also adds a new helper function 'nsContentUtils::ShouldResistFingerprinting(nsIDocument* aDoc)' for checking whether fingerprinting resistance is enabled for a given docuemnt. If it is a chrome document, this function will indicate that fingerprinting resistance is not enabled regardless of the pref 'privacy.resistFingerprinting'. If it is a content document, the result will depend on the pref. MozReview-Commit-ID: FbSuRq6Zdnn
23efa91adf8a: Bug 1369309 - Part 2: Add a test case to check whether media statistics has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=jwwang, r=arthuredelstein
Tim Huang <tihuang@mozilla.com> - Mon, 19 Jun 2017 14:43:27 +0800 - rev 374025
Push 32312 by archaeopteryx@coole-files.de at Fri, 11 Aug 2017 09:55:13 +0000
Bug 1369309 - Part 2: Add a test case to check whether media statistics has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=jwwang, r=arthuredelstein MozReview-Commit-ID: F6jNk58z7bH
81f871657e18: Bug 1369309 - Part 1: Spoofing media statistics to 0 when 'privacy.resistFingerprinting' is true. r=jwwang, r=arthuredelstein
Tim Huang <tihuang@mozilla.com> - Mon, 19 Jun 2017 14:43:26 +0800 - rev 374024
Push 32312 by archaeopteryx@coole-files.de at Fri, 11 Aug 2017 09:55:13 +0000
Bug 1369309 - Part 1: Spoofing media statistics to 0 when 'privacy.resistFingerprinting' is true. r=jwwang, r=arthuredelstein MozReview-Commit-ID: FNALpUGFDTQ
3b4442aa9040: Bug 1333641 - Part 2: Add a test case to verify the behavior of speechSynthesis API when 'privacy.resistfingerprinting' is true. r=arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Thu, 20 Jul 2017 16:57:03 +0800 - rev 371065
Push 32239 by kwierso@gmail.com at Thu, 27 Jul 2017 01:03:39 +0000
Bug 1333641 - Part 2: Add a test case to verify the behavior of speechSynthesis API when 'privacy.resistfingerprinting' is true. r=arthuredelstein,smaug This patch adds a test case to verify the speechSynthesis API when fingerprinting resistance is enabled. This test will first make sure the speechSynthesis has been setup correctly and then flip the pref 'privacy.resistFingerprinting'. Then, it will test speechSynthesis.getVoices(), onvoiceschanged event and speechSynthesis.speak(). MozReview-Commit-ID: 33BcZcHPgat
543ace8b7216: Bug 1333641 - Part 1: Making the speechSynthesis API unfingerprintable when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Thu, 20 Jul 2017 16:07:32 +0800 - rev 371064
Push 32239 by kwierso@gmail.com at Thu, 27 Jul 2017 01:03:39 +0000
Bug 1333641 - Part 1: Making the speechSynthesis API unfingerprintable when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug The patch will change the behavior of speechSynthesis API when fingerprinting resistance is enabled. First, the speechSynthesis.getVoices() will always report an empty list and the speechSynthesis.onvoiceschanged event will be blocked. And it will immediately fail when using the speechSynthesis.speak() to speak an utterance. By doing so, websites can no longer fingerprint users through this speechSynthesis API. In addition, this only affect contents, so the chrome can still use this API even the fingerprinting resistance is enabled. MozReview-Commit-ID: KxJX8fo30WS
5cc6976b59ce: Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Thu, 13 Jul 2017 15:23:47 +0800 - rev 368928
Push 32178 by kwierso@gmail.com at Sat, 15 Jul 2017 00:10:05 +0000
Bug 1372069 - Part 2: Add a test case for making sure geolocation API has been disabled correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug This patch adds a test case to check whether geolocation API is disabled when fingerprinting resistance is enabled. The test will check that the successCallback of geolocation API is not called, but the errorCallback is called with a PERMISSION_DENIED error when 'privacy.resistFingerprinting' is true. MozReview-Commit-ID: IyoEMyX5yNP
a450b50c2222: Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug
Tim Huang <tihuang@mozilla.com> - Thu, 13 Jul 2017 14:11:08 +0800 - rev 368927
Push 32178 by kwierso@gmail.com at Sat, 15 Jul 2017 00:10:05 +0000
Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. r=arthuredelstein,smaug This patch disables Geolocation API when fingerprinting resistance is enabled. The way we disable it is the same as how we disable this API for non-secure origins that we will reject the request from this API and still keep this API around. MozReview-Commit-ID: 5D7Bf6Rplm8
2dbe15749c1b: Bug 1361500 - Don't call _tzset on startup r=arthuredelstein,Ehsan
Doug Thayer <dothayer@mozilla.com> - Fri, 23 Jun 2017 12:56:03 -0400 - rev 367845
Push 32147 by kwierso@gmail.com at Sat, 08 Jul 2017 00:22:09 +0000
Bug 1361500 - Don't call _tzset on startup r=arthuredelstein,Ehsan The reason we call _tzset inside DateTime.cpp is to allow the privacy.resistFingerprinting pref to mask our timezone by setting the TZ environment variable. Without _tzset, the changes to the environment variable won't actually change anything. However, if a process is started with the TZ environment variable set to something (like "UTC"), then those changes will be active in that process. Since we're only masking timezone to JS running in the content process, and since those content processes will be started by the parent process which has already set its TZ to UTC, and will copy that variable to its children, we only need to call _tzset() when the pref changes, and only in the content process, provided we are on e10s. MozReview-Commit-ID: CPU99BGDUPj
12f8c79dabb4: Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
Tim Huang <tihuang@mozilla.com> - Tue, 13 Jun 2017 14:10:18 +0800 - rev 366735
Push 32108 by cbook@mozilla.com at Fri, 30 Jun 2017 10:57:12 +0000
Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku This adds a test case to test that network information is correctly spoofed when 'privacy.resistFingerprinting' is true. This tests not only windows, but also workers. MozReview-Commit-ID: Lt6HZlFrcja