Pref to disable webaudio API

Suggestions and feature requests for the Pale Moon browser

Moderators: Indalecio, satrow

velkro
Newbie
Newbie
Posts: 4
Joined: Wed Sep 13, 2017 1:52 am

Pref to disable webaudio API

Postby velkro » Wed Sep 13, 2017 2:39 am

Hi,

Firefox added a preference in about:config to disable the web audio API used to track users: https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
The pref in firefox is: dom.webaudio.enabled
Could this be added to palemoon for privacy?

Thanks! :thumbup:

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 19498
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E
Contact:

Re: Pref to disable webaudio API

Postby Moonchild » Wed Sep 13, 2017 7:08 am

From https://bugzilla.mozilla.org/show_bug.c ... 288359#c22

From what I can tell, the bit exposed here reveals the implementation of the browser engine, including which OS you're on, which is already exposed. Based on some testing, it seems that different versions of Firefox on the same machine all return the same "fingerprint", and even more interestingly, Chrome and Opera on the same machine also expose the same "fingerprint."

So disabling this really won't do much good (disabling this also provides entropy, after all).

The other suggestion in that same comment would be in line with our canvas approach to poison data, and likely be a better solution:
I think the only real bit exposed here is the floating point code shipped which calculates the audio samples. Wouldn't it have been a better idea to expose a pref which adds some noise into some of our floating point math instead of disabling the whole API

However, since we're talking audio here, the processing cost may become really high very quickly...
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
Image

velkro
Newbie
Newbie
Posts: 4
Joined: Wed Sep 13, 2017 1:52 am

Re: Pref to disable webaudio API

Postby velkro » Wed Sep 13, 2017 3:11 pm

Moonchild wrote:From https://bugzilla.mozilla.org/show_bug.c ... 288359#c22

From what I can tell, the bit exposed here reveals the implementation of the browser engine, including which OS you're on, which is already exposed. Based on some testing, it seems that different versions of Firefox on the same machine all return the same "fingerprint", and even more interestingly, Chrome and Opera on the same machine also expose the same "fingerprint."

So disabling this really won't do much good (disabling this also provides entropy, after all).

The other suggestion in that same comment would be in line with our canvas approach to poison data, and likely be a better solution:
I think the only real bit exposed here is the floating point code shipped which calculates the audio samples. Wouldn't it have been a better idea to expose a pref which adds some noise into some of our floating point math instead of disabling the whole API

However, since we're talking audio here, the processing cost may become really high very quickly...


Thanks for the reply, I think the AudioContext api is a huge privacy issue because the fingerprint is the same even if you clear the browser data or use incognito mone (test at : https://browserprint.info/). Tor browser just flat out disable it and firefox lets you too, since like you said the processing cost gets high if you add entropy to it.

Also top sites using it right now for tracking:
https://thehackernews.com/2016/05/audio ... print.html

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 19498
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E
Contact:

Re: Pref to disable webaudio API

Postby Moonchild » Wed Sep 13, 2017 11:30 pm

Please read and comprehend my previous reply.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
Image

testator777
Hobby Astronomer
Hobby Astronomer
Posts: 17
Joined: Mon Jan 09, 2017 2:49 am

Re: Pref to disable webaudio API

Postby testator777 » Fri Sep 15, 2017 12:40 am

If you really wanted to disable it then you could install canvasfingerprint blocker from the mozilla addons store using pale moon's tester tool if it is still up(it was up like four years ago). Doing that and disabling javascript will block audio fingerprinting. If you want no fingerprinting with javascript enabled you better fork pale moon and write the about:config parameter yourself.

There is not much someone can do with identifying the audio device you use besides being able to maybe find out the hardware and driver version you use. Which is difficult as you could change the audio driver or sound card if it's not integrated. Along with the person collecting the info would need to have a huge database of sound cards and driver version combinations beforehand. So unless you are extremely concerned with some random blog or google knowing that you use (insert random sound card found on countless motherboards here) then it's not a big deal.

Moonchild wrote:However, since we're talking audio here, the processing cost may become really high very quickly...

It would be useful to dynamically disable the audio info/api for slight energy savings. For example I don't need it enabled to type this out on the forums, but yet it's enabled. Or like when a youtube page wants access to the audio. You could have a popup, like for fullscreen mode video, that blocks or gives permission to access the audio device or info. This feature would have to be manually enabled though as to not pester everyone else who doesn't care. Unless there are a large number of people who care but I don't know about that.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 19498
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E
Contact:

Re: Pref to disable webaudio API

Postby Moonchild » Fri Sep 15, 2017 4:52 pm

The processing overhead I talked about was re: poisoning, not about enabling/disabling the API.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
Image


Return to “Suggestions/feature requests”

Who is online

Users browsing this forum: No registered users and 6 guests