Fingerprinting 2.0: Plugins #9435

Closed
pes10k opened this issue Apr 23, 2020 · 5 comments · Fixed by brave/brave-core#5989
Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality OS/Desktop privacy privacy-pod Feature work for the Privacy & Web Compatibility pod QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include

Comments

@pes10k
Contributor

pes10k commented Apr 23, 2020

This is a sub-issue of the larger fingerprinting defense reorganization #8787

Plugins interfaces

NavigatorPlugins.plugins
navigator.plugins

Currently Brave reports two plugins, "Chrome PDF Plugin" and "Chrome PDF Viewer"

Word replacements:

  • Chrome: ["Chrome", "Chromium", "Brave", "Web", "Browser", "" (empty string), "OpenSource", "Online", "JavaScript"]
  • PDF: ["PDF", "Portable Document Format", "portable-document-format", "document", "doc", "PDF and PS", "com.adobe.pdf"]
  • Plugin: ["Viewer", "Renderer", "Display", "Plugin", "plug-in", "plug in", "extension", "" (empty string)]
  • Viewer: ["Viewer", "Renderer", "Display", "Plugin", "plug-in", "plug in", "extension", "" (empty string)]

Random plugin
(see https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/modules/plugins/dom_plugin.cc)

  • description: any 3 random words, possibly taken from chrome/browser/spellchecker/spellcheck_hunspell_dictionary.h
  • filename: 32 random characters, from [a-z]
  • name: any 3 random words, possibly taken from chrome/browser/spellchecker/spellcheck_hunspell_dictionary.h
  • length: 0 (needed for web compat reasons)
  • namedItem(): always null (again needed for web compat)

default protection:

  • Randomize both descriptions of plugins, under eTLD+1 seed, using random selections from the above word replacements
  • Randomize both filenames to be 32 random characters, under eTLD+1 seed, from [a-z]
  • Include two randomly generated plugins, using the above schema
  • Randomize return order

max protection:

  • Include two randomly generated plugins, using the above schema
  • Randomize return order
  • Include no other plugin information
@pes10k pes10k added feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields privacy-pod Feature work for the Privacy & Web Compatibility pod privacy labels Apr 24, 2020
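
The default and max schemes specified in the opening comment can be sketched as follows. This is an added example, not Brave's code or part of the issue; the session key, the FNV-1a/mulberry32 seed derivation, the stand-in word list, and applying the replacement table to the two reported plugin names are all assumptions. Output is stable for one session and eTLD+1 and changes when either one changes.

```javascript
// Added illustration of the issue's farbling scheme; not Brave's implementation.
// Replacement table and plugin names are copied from the issue text.
const REPLACEMENTS = {
  Chrome: ["Chrome", "Chromium", "Brave", "Web", "Browser", "", "OpenSource", "Online", "JavaScript"],
  PDF: ["PDF", "Portable Document Format", "portable-document-format", "document", "doc", "PDF and PS", "com.adobe.pdf"],
  Plugin: ["Viewer", "Renderer", "Display", "Plugin", "plug-in", "plug in", "extension", ""],
  Viewer: ["Viewer", "Renderer", "Display", "Plugin", "plug-in", "plug in", "extension", ""],
};
const REAL_PLUGIN_NAMES = ["Chrome PDF Plugin", "Chrome PDF Viewer"];
// Constructed word list standing in for the dictionary the issue suggests.
const WORDS = ["amber", "basil", "cedar", "delta", "ember", "fjord", "grove",
  "harbor", "indigo", "juniper", "kestrel", "lumen"];

// FNV-1a (32-bit) turns "session key + eTLD+1" into a PRNG seed.
// Assumption for this demo only: a real implementation would use a keyed
// cryptographic hash so pages cannot recover or predict the seed.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return h >>> 0;
}

// mulberry32: small deterministic PRNG returning floats in [0, 1).
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const pick = (rng, items) => items[Math.floor(rng() * items.length)];

// 32 characters drawn from [a-z], as the issue specifies for filenames.
function randomFilename(rng) {
  let out = "";
  for (let i = 0; i < 32; i++) out += String.fromCharCode(97 + Math.floor(rng() * 26));
  return out;
}

// Swap each known word for a seeded choice; empty-string choices drop the word.
function farbleName(rng, name) {
  return name.split(" ")
    .map((word) => (REPLACEMENTS[word] ? pick(rng, REPLACEMENTS[word]) : word))
    .filter((part) => part !== "")
    .join(" ");
}

// "Random plugin" schema: 3-word name and description, random filename,
// length 0 and namedItem() always null (both kept for web compatibility).
function randomPlugin(rng) {
  const words = () => [pick(rng, WORDS), pick(rng, WORDS), pick(rng, WORDS)].join(" ");
  return { name: words(), description: words(), filename: randomFilename(rng),
    length: 0, namedItem: () => null };
}

// Fisher-Yates shuffle driven by the seeded PRNG ("randomize return order").
function shuffle(rng, items) {
  for (let i = items.length - 1; i > 0; i--) {
    const j = Math.floor(rng() * (i + 1));
    [items[i], items[j]] = [items[j], items[i]];
  }
  return items;
}

// level: "default" (farbled real plugins + 2 fake) or "max" (2 fake only).
function farbledPlugins(level, sessionKey, etld1) {
  if (level !== "default" && level !== "max") throw new Error("unknown level: " + level);
  const rng = mulberry32(fnv1a(sessionKey + "\u0000" + etld1));
  const list = [];
  if (level === "default") {
    for (const name of REAL_PLUGIN_NAMES) {
      list.push({ name: farbleName(rng, name), filename: randomFilename(rng) });
    }
  }
  list.push(randomPlugin(rng), randomPlugin(rng));
  return shuffle(rng, list);
}

// Compact summary of what a fingerprinting script would read from the list.
function fingerprint(list) {
  return JSON.stringify(list.map((p) => [p.name, p.filename]));
}
```
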
@Madis0

Madis0 commented May 22, 2020

I don't see how the randomization of names could help.

The issue is bigger than Brave - if the UA, rendering engine and other stuff already tell the world it's Chromium, plugin randomization would only make the user more distinct, because it is unlike any other Chromium.
So keeping it 1:1 with latest Chrome (which I think also has Native Client) would be the best bet.

Another option could be emulating Firefox/Tor browser by simply keeping it an empty array, but again, that needs more precautions overall.

@pes10k
Contributor Author

pes10k commented May 22, 2020

https://brave.com/whats-brave-done-for-my-privacy-lately-episode3/ gives some background why randomization is superior to fixed response, when you can do it w/o breaking things

@pes10k
Contributor Author

pes10k commented Jul 16, 2020

For QA, I've added a plugins test to https://dev-pages.brave.software/farbling.html

@LaurenWags
Member

LaurenWags commented Aug 17, 2020

Verified passed with

Brave | 1.13.73 Chromium: 84.0.4147.125 (Official Build) dev (64-bit)
-- | --
Revision | d0784639447f2e10d32ebaf9861092b20cfde286-refs/branch-heads/4147@{#1059}
OS | macOS Version 10.14.6 (Build 18G3020)

Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html

Confirmed with shields up, FP values are the same for "Plugins" per page, but the values are different between the two pages above

Note - logged #11278 as a follow-up for the Local Frame value being different from This Page and Remote Frame value

Default Shields (FP = Standard):
1 13 x - initial check - default shields

Modified Shields (FP = Strict):
1 13 x strict shields

Confirmed with shields up, if you close and relaunch the browser, and visit the pages again the values for "Plugins" are different (they are not retained between sessions)

See note about logged issue in above

Default Shields (FP = Standard):
1 13 x relaunch check - default shields

Modified Shields (FP = Strict):
1 13 x strict shields relaunch

Confirmed with shields down, FP values for "Plugins" are the same for each individual item on a given page and are the same for both pages

Shields Down:
1 13 x shields down

Confirmed with shields down, if you close and relaunch the browser, and visit the pages again, the values for "Plugins" are the same (they are retained between sessions)

Shields Down:
1 13 x shields down - relaunch


Verification passed on


Brave | 1.13.77 Chromium: 85.0.4183.69 (Official Build) dev (64-bit)
-- | --
Revision | 4554ea1a1171bd8d06951a4b7d9336afe6c59967-refs/branch-heads/4183@{#1426}
OS | Windows 10 OS Version 1903 (Build 18362.1016)

https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image

(FP = Strict):

https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
  • Confirmed with shields up (FP = Standard), if you close and relaunch the browser, and visit the pages again the values for "Plugins" are different (they are not retained between sessions)
https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image

(FP = Strict):

https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
  • Confirmed with shields down, FP values for "Plugins" are the same for each individual item on a given page and are the same for both pages
https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image
  • Confirmed with shields down, if you close and relaunch the browser, and visit the pages again, the values for "Plugins" are the same (they are retained between sessions)
https://dev-pages.bravesoftware.com/farbling.html https://dev-pages.brave.software/farbling.html
image image

Verification passed on

Brave 1.13.79 Chromium: 85.0.4183.69 (Official Build) dev (64-bit)
Revision 4554ea1a1171bd8d06951a4b7d9336afe6c59967-refs/branch-heads/4183@{#1426}
OS Ubuntu 18.04 LTS

Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html

Confirmed with shields up, FP values are the same for "Plugins" per page, but the values are different between the two pages above

Encountered #11278

Default Shields (FP = Standard):
image

Modified Shields (FP = Strict):
image

Confirmed with shields up, if you close and relaunch the browser, and visit the pages again the values for "Plugins" are different (they are not retained between sessions)

See note about logged issue in above

Default Shields (FP = Standard):
image

Modified Shields (FP = Strict):
image

Confirmed with shields down, FP values for "Plugins" are the same for each individual item on a given page and are the same for both pages

Shields Down:
image

Confirmed with shields down, if you close and relaunch the browser, and visit the pages again, the values for "Plugins" are the same (they are retained between sessions)

Shields Down:
image

@srirambv
Contributor

Verification passed on OnePlus 6T with Android 10 running 1.13.81 x64 build

Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html

Verified with shields up, FP values are same for "Plugins" on the same page but values are different on each page
https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
image image
Verified with shields up closing and relaunching the browser values for "Plugins" are not retained between sessions
https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
image image
Verified with shields down, FP values for "Plugins" are set to `00000000` as plugin list is empty
https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
image image
  • Logged #11460 ([Android][Follow up #9435] Fingerprinting 2.0: Plugins not listed when shields is disabled) for investigating no plugins when shields is disabled
  • Verified with shields down, FP values for "Plugins" value of "00000000" is retained between sessions
    https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
    image image

    Verification passed on Samsung Tab A with Android 10 running 1.13.81 x64 build

    Verified using https://dev-pages.bravesoftware.com/farbling.html and https://dev-pages.brave.software/farbling.html

    Verified with shields up, FP values are same for "Plugins" on the same page but values are different on each page
    https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
    image image
    Verified with shields up closing and relaunching the browser values for "Plugins" are not retained between sessions
    https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
    image image
    Verified with shields down, FP values for "Plugins" are set to `00000000` as plugin list is empty
    https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
    image image
  • Logged #11460 ([Android][Follow up #9435] Fingerprinting 2.0: Plugins not listed when shields is disabled) for investigating no plugins when shields is disabled
  • Verified with shields down, FP values for "Plugins" value of "00000000" is retained between sessions
    https://dev-pages.brave.software/farbling.html https://dev-pages.bravesoftware.com/farbling.html
    image image

    mariospr added a commit to brave/brave-core that referenced this issue Jan 29, 2021
    Due to the removal of flash, navigator.plugins will always report an
    empty array from now on, so there's no need for Brave to implement a
    farbling mechanism for such array any more.
    
    Thus, we can now remove all the code added to implement that and drop
    a couple of patches to upstream's Chromium in the way too.
    
    Main related issues in Brave's GitHub:
    
      * Fingerprinting 2.0: Plugins
        brave/brave-browser#9435
    
      * Fingerprinting 2.0: Plugins (word replacement)
        brave/brave-browser#10597
    
    Chromium change:
    
    https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
    
    commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
    Author: Mason Freed <[email protected]>
    Date:   Wed Jan 20 18:50:56 2021 +0000
    
        Empty out navigator.plugins and navigator.mimeTypes
    
        With this CL, navigator.plugins and navigator.mimeTypes will
        both return empty arrays.
    
        With the removal of Flash, there is no longer the need to
        return anything for navigator.plugins and navigator.mimeTypes.
        These APIs were used primarily for a) probing for Flash player
        support, or b) fingerprinting. As such, we'd like to return
        empty for these two properties. Gecko already switched to
        returning *only* Flash starting with Firefox 52, and returning
        empty as of Firefox 85.
    
        I2S:
        https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
    
        Fixed: 1164635
    mariospr added a commit to brave/brave-core that referenced this issue Feb 3, 2021
    Due to the removal of flash, navigator.plugins will always report an
    empty array from now on, so Brave needs to adapt its farbling mechanism
    to work like this depending on the selected behavior:
    
      * "off": return the real navigator.plugins, that is, an empty array.
      * "balanced" or "maximum": return 2 randomly generated fake plugins.
    
    Additionally, we need to adapt the browser tests to account for this
    new scenario, and test that indeed the expectation of navigator.plugins
    returning an empty array stays true.
    
    Issues in Brave's GitHub related to the implementation of this feature:
    
      * Fingerprinting 2.0: Plugins
        brave/brave-browser#9435
    
      * Fingerprinting 2.0: Plugins (word replacement)
        brave/brave-browser#10597
    
    Chromium change:
    https://chromium.googlesource.com/chromium/src.git/+/f8fe422e0e8a026f73f9d74d26f75c3c93102030
    
    commit f8fe422e0e8a026f73f9d74d26f75c3c93102030
    Author: Mason Freed <[email protected]>
    Date:   Wed Jan 20 18:50:56 2021 +0000
    
        Empty out navigator.plugins and navigator.mimeTypes
    
        With this CL, navigator.plugins and navigator.mimeTypes will
        both return empty arrays.
    
        With the removal of Flash, there is no longer the need to
        return anything for navigator.plugins and navigator.mimeTypes.
        These APIs were used primarily for a) probing for Flash player
        support, or b) fingerprinting. As such, we'd like to return
        empty for these two properties. Gecko already switched to
        returning *only* Flash starting with Firefox 52, and returning
        empty as of Firefox 85.
    
        I2S:
        https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM
    
        Fixed: 1164635
    mkarolin pushed a commit to brave/brave-core that referenced this issue Feb 5, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Feb 5, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Feb 10, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Feb 17, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Feb 19, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Feb 23, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Feb 24, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Feb 26, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 4, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 5, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Mar 8, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 10, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 10, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 12, 2021
    mariospr added a commit to brave/brave-core that referenced this issue Mar 15, 2021
    mkarolin pushed a commit to brave/brave-core that referenced this issue Mar 23, 2021