• forum
  • WebGL forbidden in Tails? (I hope so!)
 WebGL forbidden in Tails? (I hope so!)
Download Tails 0.23 March 19, 2014

has WebGL been disabled?

"WebGL can reveal information about the video card in use, and high precision timing information can be used to fingerprint the CPU and interpreter speed." [...] The adversary simply renders WebGL, font, and named color data to a Canvas element, extracts the image buffer, and computes a hash of that image data. Subtle differences in the video card, font packs, and even font and graphics library versions allow the adversary to produce a stable, simple, high-entropy fingerprint of a computer. In fact, the hash of the rendered image can be used almost identically to a tracking cookie by the web server. [...] WebGL is fingerprintable both through information that is exposed about the underlying driver and optimizations, as well as through performance fingerprinting.

Because of the large amount of potential fingerprinting vectors and the previously unexposed vulnerability surface, we deploy a similar strategy against WebGL as for plugins. "

https://www.torproject.org/projects/torbrowser/design/

RSS Atom
comment 1
Noscript forbids WebGL for blacklisted and whitelisted sites.
Comment by Anonymous Fri 10 May 2013 02:15:19 AM CEST
comment 4
Tails has had WebGL enabled as click-to-play since version 0.17. The same fingerprinting defenses as the TBB are used. They are documented on the web page you're quoting.
Comment by Tails Mon 13 May 2013 12:21:24 PM CEST
Add a comment