Open Bug 1658835 (opened 4 years ago, updated 1 year ago)

Potential use of requestAnimationFrame API for fingerprinting

Categories: Core :: Privacy: Anti-Tracking, defect, P3
Status: UNCONFIRMED
People: Reporter: umar-iqbal, Unassigned
References: Blocks 1 open bug

Bug details

requestAnimationFrame is used in many fingerprinting scripts. We found fingerprinting scripts using requestAnimationFrame to compute the frame rate of content rendering in a browser. The browser guarantees that it will execute the callback function passed to requestAnimationFrame before it repaints the view. The browser callback rate generally matches the display refresh rate (https://developer.mozilla.org/en-US/docs/Web/API/window/requestAnimationFrame) and the number of callbacks within an interval can capture the frame rate. The differences in frame rates can potentially leak entropy.

Some of the scripts and websites accessing requestAnimationFrame API

Script URL

https://assets.pixlee.com/assets/pixlee_events.js , https://www.cheapflights.com.au/pHWOqUmu/init.js

Websites with script

https://www.dockers.com/US/en_US/ , http://www.bestmadeco.com/ , https://www.yakima.com/ , https://getaway.house/ , https://www.wyze.com/ , https://www.mpix.com/ , https://www.cheapflights.com.au/

Other APIs accessed by these scripts (filtered to those also found in fingerprintjs2):

fillRect , bindBuffer , createBuffer , localStorage , OfflineAudioContext , compileShader , plugins , getShaderPrecisionFormat , maxTouchPoints , multiply , sessionStorage , systemLanguage , deviceId , colorDepth , linkProgram , filter , userAgent , currentTime , mediaDevices , suffixes , rangeMin , beginPath , deviceMemory , oscpu , font , screen , browserLanguage , createProgram , destination , fillStyle , MAX_TEXTURE_MAX_ANISOTROPY_EXT , enumerateDevices , platform , getContext , groupId , oncomplete , getExtension , doNotTrack , useProgram , createShader , fonts , TouchEvent , webdriver , startRendering , ontouchstart , getSupportedExtensions , globalCompositeOperation , isPointInPath , createDynamicsCompressor , attachShader , navigator , language , hardwareConcurrency , offsetHeight , getUniformLocation , ARRAY_BUFFER , drawArrays , vertexAttribPointer , WebGLRenderingContext , toSource , createOscillator , precision , EXT_texture_filter_anisotropic , indexedDB , setValueAtTime , renderedBuffer , bufferData , getData , getContextAttributes , appName , clearColor , getChannelData , languages , productSub , shaderSource , userLanguage , WEBGL_debug_renderer_info , toDataURL , enableVertexAttribArray , availHeight , rangeMax , frequency , webgl , devicePixelRatio , ActiveXObject , enable , fillText , textBaseline , Float32Array , closePath , connect , Netscape , getAttribLocation , getParameter , availWidth
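
The measurement described in the report, together with a check someone evaluating a callback-rate cap would run, as an added example that is not part of the original bug report or of Firefox's code. The timestamps, the list of display refresh rates and the frame-dropping cap `capCallbacks` are constructed assumptions; no browser API is called.

```javascript
// Constructed rAF callback timestamps (ms) for a display refreshing at `hz`:
// one callback per frame plus small deterministic jitter. No browser needed.
function simulateCallbacks(hz, durationMs) {
  const frames = Math.floor((durationMs * hz) / 1000);
  const stamps = [];
  for (let i = 0; i <= frames; i++) {
    const jitter = (((i * 7) % 5) - 2) * 0.1; // -0.2 .. +0.2 ms
    stamps.push((i * 1000) / hz + jitter);
  }
  return stamps;
}

// The measurement the report describes: callbacks counted over an interval.
function estimateFrameRate(stamps) {
  if (stamps.length < 2) return NaN;
  const elapsed = stamps[stamps.length - 1] - stamps[0];
  return elapsed > 0 ? ((stamps.length - 1) * 1000) / elapsed : NaN;
}

// Hypothetical mitigation (not Firefox behaviour): skip any callback that
// arrives sooner than one capped period after the last delivered one.
function capCallbacks(stamps, capHz, slackMs = 0.5) {
  const minGap = 1000 / capHz - slackMs; // slack absorbs frame jitter
  const delivered = [];
  for (const t of stamps) {
    const last = delivered[delivered.length - 1];
    if (last === undefined || t - last >= minGap) delivered.push(t);
  }
  return delivered;
}

// Rounded rate a page would observe for each display, with an optional cap.
function observedRates(displaysHz, capHz = null) {
  const rates = {};
  for (const hz of displaysHz) {
    let stamps = simulateCallbacks(hz, 1000);
    if (capHz !== null) stamps = capCallbacks(stamps, capHz);
    rates[hz] = Math.round(estimateFrameRate(stamps));
  }
  return rates;
}

const displays = [60, 75, 120, 144]; // constructed sample of refresh rates
console.log("uncapped:", observedRates(displays));
console.log("capped at 60:", observedRates(displays, 60));
```

On this constructed data every uncapped display yields a distinct rate, and dropping frames to cap at 60 merges only the 60 and 120 Hz displays; the 75 and 144 Hz displays still stand apart.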

Depends on: 1662349
Blocks: 1662349
No longer depends on: 1662349
Severity: -- → S3
Priority: -- → P3