Mike Perry
Update design doc to reflect the planned shift from the Toggle Model to Tor Browser.
Mike Perry commited 8c9290304 at 2011-04-11 06:55:29
- Review of https://developer.mozilla.org/en/Firefox_4_for_developers
- Potential proxy issues
- DocShell and plugins inside createHTMLDocument?
- https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
- WebSockets?
- Media attributes?
- "buffered"
- "preload"
- new codecs?
- What the hell is a blob url?
- https://developer.mozilla.org/en/DOM/window.createBlobURL
- https://developer.mozilla.org/en/DOM/window.revokeBlobURL
- Seems only relevent to FS injection..
- WebThreads are OK:
- https://developer.mozilla.org/En/Using_web_workers
- Network activity blocked by content policy
- Fingerprinting issues:
- New screen attributes
- https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
- High Res Animation Timers:
- https://developer.mozilla.org/en/DOM/window.mozAnimationStartTime
- https://developer.mozilla.org/en/DOM/Animations_using_MozBeforePaint
- 50-60hz max.. Can we leverage this?
- timeStamps on keystroke events
- https://developer.mozilla.org/en/DOM/event.timeStamp
- Bounding rectangles -> window sizes?
- Maybe not display sizes, but seems possible to fingerprint rendered
content size.. ugh.
- https://developer.mozilla.org/en/DOM/element.getBoundingClientRect
- https://developer.mozilla.org/en/dom:range
- CSS resize, media queries, etc..
- WebGL may also expose screen properties and video card properties:
- https://developer.mozilla.org/en/WebGL
- https://www.khronos.org/registry/webgl/specs/1.0/#5.2
- https://www.khronos.org/registry/webgl/specs/1.0/#5.11
- SVG needs auditing. It may also expose absolute coords, but appears OK
- https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL
- Mouse events reveal desktop coordinates
- https://bugzilla.mozilla.org/show_bug.cgi?id=503943
- https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
- Actual screen dimensions not exposed
- Identifier Storage
- Content Secuity Properties may need clearing:
- https://developer.mozilla.org/en/Security/CSP
- STS cache needs clearing
- New window.history functions may allow state smuggling
- https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
- New Javascript hooking options may help improve Date() hooks:
- https://developer.mozilla.org/en/JavaScript/New_in_JavaScript/1.8.5
 
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX