#32701: Keep an eye on fingerprinting risks due to the Reporting API
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-fingerprinting,
Severity: Normal | ff78-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
[https://bugzilla.mozilla.org/show_bug.cgi?id=1492036 Support for the
Reporting API] landed on nightly in the Firefox 65 cycle. There is already
at least [https://bugzilla.mozilla.org/show_bug.cgi?id=1507280 one needed
fingerprinting fixup] known which we need to take care of when this gets
enabled, but there are likely more. A good start for closer investigation
is the [https://w3c.github.io/reporting/#privacy Privacy Considerations
section] in the spec itself.
We should keep this feature disabled until the risks are evaluated. This
can be done by making sure `dom.reporting.enabled` and
`dom.reporting.header.enabled` are `false`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32701>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
