[hackerone] Extend font randomization fingerprinting protections to also cover src:local #23432

Closed
pes10k opened this issue Jun 13, 2022 · 7 comments · Fixed by brave/brave-core#13779
Labels: feature/shields/fingerprint, feature/shields, OS/Desktop, OS/macOS, OS/Windows, privacy-pod, QA Pass-macOS, QA Pass-Win64, QA/Yes, release-notes/include, security

Comments

@pes10k
Contributor

pes10k commented Jun 13, 2022

Currently Brave allows sites to access a random subset of user fonts, to cause fingerprinters to get a different fingerprint for each site, for each browser session.

However, researchers recently notified us that src:local can be used to have Chrome bypass these protections and query all installed fonts again. We should also apply our randomized font fingerprinting protections against alternative ways of accessing user fonts, like src:local.

These researchers will be credited on HackerOne.

https://hackerone.com/reports/1598008

credit: xlin
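
A toy model of the gap described in the issue above, added here as an illustration and not taken from Brave's code or from the linked fix. It assumes the per-site, per-session subset is chosen with a keyed hash; the function names, the sample font list and the key are all constructed for this example.

```javascript
// Added illustration: a toy model of per-site, per-session font filtering.
// All names are hypothetical; this is not Brave's implementation.
const { createHmac } = require("node:crypto");

// Constructed sample of fonts installed on the user's machine.
const INSTALLED = ["Arial", "Courier New", "Fredoka One", "Futura",
                   "Gill Sans", "Helvetica", "Optima", "Verdana"];

// Keyed decision: a site sees the same subset for a whole session, while
// another site or a new session (new key) gets an unrelated subset.
function siteMayUse(sessionKey, site, family) {
  const mac = createHmac("sha256", sessionKey)
    .update(`${site}\0${family.toLowerCase()}`).digest();
  return (mac[0] & 1) === 1; // expose roughly half of the installed fonts
}

const isInstalled = (family) =>
  INSTALLED.some((f) => f.toLowerCase() === family.toLowerCase());

// Lookup path 1: font-family: "X" in a style rule (already filtered).
function resolveFamily(key, site, family) {
  return isInstalled(family) && siteMayUse(key, site, family);
}

// Lookup path 2 as reported: src: local("X") never consults the filter.
function resolveLocalUnfiltered(key, site, family) {
  return isInstalled(family);
}

// Lookup path 2 with the protection extended: same decision as path 1.
function resolveLocalFiltered(key, site, family) {
  return resolveFamily(key, site, family);
}

// What a page can learn by asking about each candidate through one path.
function observable(resolve, key, site, candidates) {
  return candidates.filter((c) => resolve(key, site, c));
}

const demoKey = Buffer.from("constructed-session-key");
const demoProbes = [...INSTALLED, "Not Installed Sans"];
for (const [label, fn] of [["font-family", resolveFamily],
                           ["src:local (before)", resolveLocalUnfiltered],
                           ["src:local (after)", resolveLocalFiltered]]) {
  console.log(label, observable(fn, demoKey, "a.example", demoProbes));
}
```

The unfiltered path returns the full installed list on every site and in every session, which is the stable identifier the randomization is meant to remove; routing both paths through one decision function keeps the two answers identical.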

@pes10k pes10k added feature/shields The overall Shields feature in Brave. feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Android Fixes related to Android browser functionality OS/Desktop labels Jun 13, 2022
@pes10k pes10k added the privacy-pod Feature work for the Privacy & Web Compatibility pod label Jun 13, 2022
@diracdeltas diracdeltas changed the title Extend font randomization fingerprinting protections to also cover src:local [hackerone] Extend font randomization fingerprinting protections to also cover src:local Jun 13, 2022
@brave-builds brave-builds added this to the 1.44.x - Nightly milestone Aug 2, 2022
@stephendonner

@pilgrim-brave @pes10k mind providing a testcase for this, please? 🙏

@pes10k
Contributor Author

pes10k commented Sep 6, 2022

@stephendonner https://dev-pages.brave.software/fingerprinting/fonts.html

@LaurenWags
Member

LaurenWags commented Sep 7, 2022

@pes10k to confirm - checking src:local case on that page for all platforms and then Pseudo Fonts on macOS only is sufficient?

btw - confirmed this with @pes10k 👍🏻

@stephendonner stephendonner added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Sep 14, 2022
@stephendonner

Verified PASSED using

Brave 1.44.85 Chromium: 105.0.5195.127 (Official Build) beta (x86_64)
Revision 912488396852bf658ab32465980c0b93a3c27a83-refs/branch-heads/5195@{#1109}
OS macOS Version 11.7 (Build 20G817)

Steps:

Followed the steps to reproduce from https://dev-pages.brave.software/fingerprinting/fonts.html and https://dev-pages.bravesoftware.com/fingerprinting/fonts.html

[Screenshots: Font setup | more]

Confirmed the rendered texts were the same, as well as their width dimensions.

https://dev-pages.brave.software/fingerprinting/fonts.html

[Screenshots: src:local | Pseudo Fonts]

https://dev-pages.bravesoftware.com/fingerprinting/fonts.html

[Screenshots: src:local | Pseudo Fonts]

@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Sep 14, 2022
@MadhaviSeelam

Verification PASSED using

| Brave | 1.44.85 Chromium: 105.0.5195.127 (Official Build) beta (64-bit) |
| -- | -- |
| Revision | 912488396852bf658ab32465980c0b93a3c27a83-refs/branch-heads/5195@{#1109} |
| OS | Windows 11 Version 21H2 (Build 22000.978) |

  1. Installed 1.44.85
  2. launched Brave
  3. open brave://settings/shields
  4. confirmed Prevent sites from fingerprinting me based on my language preferences setting is ON/Enabled
  5. confirmed Block fingerprinting setting is Standard
  6. visit https://dev-pages.bravesoftware.com/fingerprinting/fonts.html
  7. downloaded Fredoka one font as per the instructions on the page
  8. clicked Start tests

Confirmed the rendered texts were the same, as well as their width dimensions.

[Screenshots: Ex1 | Ex2]

@stephendonner

Removing QA/Test-All-Platforms and replacing with OS/Windows and OS/macOS due to the feature not being enabled on Linux, per https://dev-pages.bravesoftware.com/fingerprinting/fonts.html:

[Screenshot]

@kjozwiak kjozwiak removed the OS/Android Fixes related to Android browser functionality label Sep 22, 2022
@kjozwiak
Member

Removed OS/Android after speaking with @pilgrim-brave & @pes10k. The above hasn't been implemented in Android yet so there's nothing that QA can do in terms of verification on Android.
