Closed Bug 1536533 Opened 6 years ago Closed 6 years ago

privacy.resistFingerprinting set to true causes event.altKey to always return false

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox68 --- affected

People

(Reporter: jaws, Unassigned)

Details

STR:
Go to https://unixpapa.com/js/testkey.html and check the "Modifiers" option
Press Alt+D
See that altKey=true
Go to about:config, set privacy.resistFingerprinting=true
Go back to the testing webpage and press Alt+D again

Expected:
See that altKey=true

Actual:
See that altKey=false

Looks invalid based on bug 1222285.

No longer blocks: uplift_tor_fingerprinting
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
No longer blocks: 1222285

This issue is still present in 81.0.1 on Linux, can you please open it?

I believe that this is the expected behavior. When RFP is enabled, we spoof information relating to keycodes to prevent identification of keyboard layout. Are you saying we are not spoofing correctly; or that the keys aren't what you expected (because of the spoofing?)

Sorry for the noise, you can ignore my comment. I just realized this issue was closed as INVALID and not just resolved.
I'm not familiar with Firefox's codebase at all, but a comment [1] indicates the Alt can leak information about the keyboard layout, which I wasn't aware of.

[1] https://searchfox.org/mozilla-central/source/dom/events/KeyboardEvent.cpp#39-42

You need to log in before you can comment on or make changes to this bug.