Open Bug 1658837 Opened 4 years ago Updated 1 year ago

Potential use of Notification API for fingerprinting

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

UNCONFIRMED

People

(Reporter: umar-iqbal, Unassigned)

References

(Blocks 1 open bug)

Details

Bug details

The Notification permissions API provides a way to determine whether notification permission is granted or denied on a specific website. We discovered several cases in which the Notification API was used in fingerprinting scripts. Specifically, we found cases where the notification permissions were probed. The differences in permissions across websites can be used as part of a fingerprint.

Some of the scripts and websites accessing Notification API

Script URL: https://cdn.perfdrive.com/aperture/aperture.js, https://cdn.perfdrive.com/aperture/spectrum.js

Websites with script: https://inc42.com/, https://www.1881.no/, https://www.meilleursagents.com/, https://www.vouchercodes.co.uk/, https://www.songfacts.com/, https://fribbla.de/insiders/, https://lensa.com/, https://www.tomshardware.co.uk/, https://www.newsarama.com/, https://next.reality.news/

Common APIs with fingerprintjs2: toDataURL, fillRect, fillStyle, mimeTypes, display, availHeight, platform, getContext, localStorage, doNotTrack, webdriver, plugins, indexedDB, ActiveXObject, maxTouchPoints, ontouchstart, fillText, textBaseline, sessionStorage, colorDepth, userAgent, navigator, language, hardwareConcurrency, canvas, productSub, availWidth, screen

Script URL: https://assets.pixlee.com/assets/pixlee_events.js

Websites with script: https://www.dockers.com/US/en_US/, http://www.bestmadeco.com/, https://www.yakima.com/, https://www.mpix.com/, https://www.kennethcole.com/

Common APIs with fingerprintjs2: fillRect, display, context, bindBuffer, createBuffer, localStorage, OfflineAudioContext, compileShader, plugins, getShaderPrecisionFormat, maxTouchPoints, multiply, sessionStorage, systemLanguage, deviceId, colorDepth, linkProgram, filter, userAgent, currentTime, mediaDevices, suffixes, rangeMin, beginPath, deviceMemory, oscpu, font, screen, browserLanguage, createProgram, destination, fillStyle, MAX_TEXTURE_MAX_ANISOTROPY_EXT, enumerateDevices, platform, getContext, groupId, oncomplete, getExtension, doNotTrack, useProgram, createShader, fonts, TouchEvent, webdriver, startRendering, ontouchstart, getSupportedExtensions, globalCompositeOperation, isPointInPath, createDynamicsCompressor, attachShader, navigator, uniform2f, language, hardwareConcurrency, offsetHeight, getUniformLocation, ARRAY_BUFFER, drawArrays, vertexAttribPointer, disconnect, WebGLRenderingContext, toSource, createOscillator, precision, EXT_texture_filter_anisotropic, indexedDB, setValueAtTime, renderedBuffer, bufferData, getData, getContextAttributes, reduction, appName, clearColor, getChannelData, canvas, languages, productSub, shaderSource, userLanguage, WEBGL_debug_renderer_info, toDataURL, enableVertexAttribArray, availHeight, rangeMax, frequency, webgl, description, devicePixelRatio, ActiveXObject, enable, fillText, textBaseline, Float32Array, closePath, connect, Netscape, getAttribLocation, getParameter, availWidth

Depends on: 1662349
Blocks: 1662349
No longer depends on: 1662349
Severity: -- → S3
Priority: -- → P3
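
The report describes scripts that read the notification permission while also touching many of the APIs fingerprintjs2 uses. As an added example (not part of the bug report and not Firefox code), the JavaScript below flags script source that does both; the function name `triageScript`, the `minOverlap` threshold and the three sample scripts are assumptions constructed here.

```javascript
// Added example: static triage of script source, not code from the bug report.
// API names copied from the first "Common APIs with fingerprintjs2" list above;
// the generic names display, navigator, canvas and screen are left out (assumption).
const FINGERPRINT_APIS = new Set([
  "toDataURL", "fillRect", "fillStyle", "mimeTypes", "availHeight", "platform",
  "getContext", "localStorage", "doNotTrack", "webdriver", "plugins", "indexedDB",
  "ActiveXObject", "maxTouchPoints", "ontouchstart", "fillText", "textBaseline",
  "sessionStorage", "colorDepth", "userAgent", "language", "hardwareConcurrency",
  "productSub", "availWidth",
]);

// The two standard ways a page can read the notification permission state.
const NOTIFICATION_PROBES = [
  { name: "Notification.permission", re: /\bNotification\s*\.\s*permission\b/ },
  { name: "permissions.query(notifications)",
    re: /permissions\s*\.\s*query\s*\(\s*\{[^}]*name\s*:\s*["']notifications["']/ },
];

// minOverlap is an assumed threshold; tune it against scripts you know are benign.
function triageScript(source, minOverlap = 8) {
  const identifiers = new Set(source.match(/[A-Za-z_$][\w$]*/g) || []);
  const overlap = [...FINGERPRINT_APIS].filter((api) => identifiers.has(api)).sort();
  const probes = NOTIFICATION_PROBES.filter((p) => p.re.test(source)).map((p) => p.name);
  return { probes, overlap, suspicious: probes.length > 0 && overlap.length >= minOverlap };
}

// Constructed sample: reads the permission while collecting device attributes.
const SAMPLE_FINGERPRINTER = `
  var c = document.createElement("canvas"), g = c.getContext("2d");
  g.textBaseline = "top"; g.fillStyle = "#f60"; g.fillRect(0, 0, 10, 10);
  g.fillText("probe", 2, 2);
  var v = [c.toDataURL(), navigator.userAgent, navigator.platform,
           navigator.hardwareConcurrency, screen.colorDepth, navigator.plugins.length,
           navigator.doNotTrack, Notification.permission];
`;
// Constructed sample: an ordinary opt-in flow that only checks the permission.
const SAMPLE_OPT_IN = `
  if (Notification.permission === "default") {
    button.onclick = () => Notification.requestPermission();
  }
`;
// Constructed sample: the same state read through the Permissions API.
const SAMPLE_QUERY =
  `navigator.permissions.query({ name: "notifications" }).then(s => log(s.state, navigator.language));`;

for (const [label, src] of [["fingerprinter", SAMPLE_FINGERPRINTER],
                            ["opt-in", SAMPLE_OPT_IN], ["query", SAMPLE_QUERY]]) {
  const r = triageScript(src);
  console.log(label, "suspicious:", r.suspicious, "probes:", r.probes.join(","), "overlap:", r.overlap.length);
}
```

A permission read on its own is normal for any site offering notifications, so the flag depends on the overlap count; identifier matching on raw source also counts names that appear only in comments or strings.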