Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Screen fingerprinting protection is applied to extensions pages

See original GitHub issue

First reported here: https://twitter.com/AaronToponce/status/1590038533963538432

I was able to confirm that the extension pop-up for Bitwarden is half size when screen fingerprinting protection is enabled. It appears this is because the browser is lying about the size of the screen to the popup page, which has a chrome-extension:// address. We should not apply this protection to such extension pages.

Issue Analytics

  • State:closed
  • Created 10 months ago
  • Reactions:6
  • Comments:6 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
pes10kcommented, Nov 14, 2022

Yep! I agree, option 1 seems A+ to me

0reactions
GeetaSarvadnyacommented, Nov 22, 2022

Verification PASSED on

Brave | 1.45.131 Chromium: 107.0.5304.110 (Official Build) (64-bit)
-- | --
Revision | 2a558545ab7e6fb8177002bf44d4fc1717cb2998-refs/branch-heads/5304@{#1202}
OS | Windows 10 Version 21H2 (Build 19044.2251)
Reproduced the issue in 1.45.127

Reproduced the issue described in https://github.com/brave/brave-browser/issues/26715#issuecomment-1322435253 using 1.45.127

  1. Ensured BraveScreenFingerprintingBlockerStudy:Enabled on brave://version (Release channel has this at 50%, so may need a few attempts to get this enabled)
  2. Confirmed no login window shows on 1.45.x when clicking on the “Line” extension icon with the BraveScreenFingerprintingBlockerStudy is enabled.
  3. Confirmed shortened display of Bitwarden popup when BraveScreenFingerprintingBlockerStudy is enabled.
brave://version Line Extension Bitwarden Extension
image image image
Part A of test plan - PASSED

Verified the test plan from https://github.com/brave/brave-browser/issues/26715#issuecomment-1322435253 - Part A:

Using 1.45.131, verified both extensions listed in https://github.com/brave/brave-browser/issues/26715#issuecomment-1322435253 worked as described when BraveScreenFingerprintingBlockerStudy is enabled.

brave://version Line Extension Bitwarden Extension
image image image
Part B of test plan - PASSED

Verified the test plan from https://github.com/brave/brave-browser/issues/26715#issuecomment-1322435253 - Part B:

Using 1.45.131, run through the cases from https://github.com/brave/brave-browser/issues/23170#issuecomment-1269026947:

Case 1: 1st launch, no Griffin - PASSED

Steps:

  1. installed 1.45.131
  2. launched Brave
  3. opened brave://version
  4. confirmed no Griffin studies listed
  5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
  6. clicked on Generate fingerprints
  7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:
  • Screen resolution
  • Screen resolution media query
  • Available screen resolution
  1. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
  2. moved the mouse around and examined the tracked events

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

step 3 step 7 step 9
image image image

Case 2: 2nd launch, Griffin-enabled study with Shields enabled- PASSED

(Continued from 1st launch, no Griffin test, above) 10. restarted Brave 11. opened brave://version 12. confirmed in the case you get BraveScreenFingerprintingBlockerStudy:Enabled (note, study is enabled at 100% on Nightly/Beta but only 50% on Release, so when testing on 1.45.x please be aware you may need a few attempts to get this study enabled) 13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html 14. clicked on Generate fingerprints 16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html 17. moved the mouse around and examined the tracked coordinates

Confirmed the values for This Page were different from Local Frame and Remote Frame (which were both the same); the only four (4) trackable events were the mouseEvent.client(X/Y) coordinates

step 11 step 13 step 16
image image image

Case 3: 2nd launch, Griffin-enabled study with Shields disabled- PASSED

  1. continued from Case 2
  2. disable Shields in the Shields panel
  3. reload the https://dev-pages.brave.software/fingerprinting/farbling.html
  4. clicked on Generate fingerprints
  5. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
  6. disable Shields in the Shields panel
  7. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

brave://version shields down farbling.html screen.html
image image image image

Case 4: relaunch, default/no study - PASSED

(Continued from 1st launch, no Griffin test, above) 10. restarted Brave 11. opened brave://version 12. confirmed in the case where BraveScreenFingerprintingBlockerStudy:Default (note, study is enabled at 100% on Nightly/Beta but only 50% on Release - this means I had to disable brave://flags#brave-block-screen-fingerprinting to test this on Nightly however when testing on Release 1.45.x please be aware you may need a few attempts to get this study as “Default”.) 13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html 14. clicked on Generate fingerprints 15. loaded https://arthuredelstein.github.io/tracking_demos/screen.html 16. moved the mouse around and examined the tracked coordinates

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

step 11 step 14 step 16
image image image
Read more comments on GitHub >

github_iconTop Results From Across the Web

Google Chrome extensions can be fingerprinted to track you ...
To track users on the web, it is possible to create fingerprints, or tracking hashes, based on various characteristics of a device connecting ......
Read more >
How anti-fingerprinting extensions tend to make fingerprinting ...
Browser extensions claiming to protect against fingerprinting will typically result in more data available for fingerprinting.
Read more >
Google Chrome Extensions Can Be Fingerprinted to Track ...
The Extensions Fingerprints site only works with Chromium browsers installing extensions from the Chrome Web Store. This method will work with ...
Read more >
Detecting Browser Extensions via Injected Style Sheets
In this paper, we present a new method of fingerprinting browser extensions which, to the best of our knowledge, has never been presented...
Read more >
Heads-Up, Chrome Extensions Can Be Used To Track You ...
Heads-Up, Chrome Extensions Can Be Used To Track You With Browser Fingerprinting · Google Chrome logo with a fingerprint in the middle ·...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

`Support this creator` header is not shown in the tipping banner

Next page

navigator.userAgent not farbled properly in dynamic iframes