For clarity, it’s already possible to render to a regular canvas offscreen. The <canvas> can be hidden using any of the techniques that can make any other canvas invisible. Name notwithstanding, OffscreenCanvas is mainly about being able to render from a Worker, not about enabling rendering offscreen. Thus, I would not expect it to make it easier to invisibly fingerprint using canvas.
On Oct 10, 2019, at 9:32 AM, Chris Lord <clord@igalia.com> wrote:
Hi John,
I don't know what the current state is of counter-measures for such an attack, but I don't immediately imagine OffscreenCanvas would make them more effective. The patch series doesn't add any new rendering paths, so whatever was possible before will likely still be possible and whatever wasn't will hopefully still not be possible. That said, I'll look into this and discuss it with some people that will know better than me and try to get a better picture.
Thanks,
Chris
On 2019-10-10 17:32, John Wilander wrote:
Hi Chris!
Canvas is a very popular GPU fingerprinting vector and allowing it offscreen sounds like a more convenient way to perform such an attack on user privacy. Do you know if Blink or Gecko have elaborated on this? What is your assessment?
Given the cross-engine effort to fight device fingerprinting and WebKit and Gecko’s recently published tracking prevention policies, we should do a threat analysis of this feature.
Regards, John
On Oct 10, 2019, at 4:24 AM, Chris Lord <clord@igalia.com> wrote:
Hi all,
I've spent the last month or so 'finishing' the implementation of OffscreenCanvas[1], based on Žan Doberšek's work from a year ago[2]. OffscreenCanvas is an API for being able to use canvas drawing without a visible canvas, and from within Workers. It's supported by Blink and has partial support in Gecko.
It's at the point now where I'd consider it a finished draft - it is almost fully implemented and passes the majority of relevant tests in a debug build without crashing, but has some areas that need completion on other platforms (async drawing on non-Linux) and some missing parts (Web Inspector, ImageBitmapRenderingContext). It almost certainly needs reworking in places.
My work is on GitHub[3] - I'd like to solicit reviews and comment. Some of the bugs hanging off [2] have patches that need review and I think are near ready to being landable as the foundation of this work. It is broadly split up like so:
- Refactor to move functionality from HTMLCanvasElement to CanvasBase - Refactor to not unnecessarily require HTMLCanvasElement in places - Implement OffscreenCanvas functionality - Make font loading/styling usable from a Worker and without a Document - Implement AnimationFrameProvider on DedicatedWorkerGlobalScope - Implement asynchronous drawing updates on placeholder canvases
I expect the font-related stuff to be the most contentious, and my AnimationFrameProvider implementation may be too trivial (but might be ok for a first go?)
All feedback appreciated. Best regards,
Chris
[1] https://html.spec.whatwg.org/multipage/canvas.html#the-offscreencanvas-inter... [2] https://bugs.webkit.org/show_bug.cgi?id=183720 [3] https://github.com/Cwiiis/webkit/tree/offscreen-canvas _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev