Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:  closed
Component:  Applications/Tor Browser |  Milestone:
 Severity:  Normal   |Version:
 Keywords:  tbb-fingerprinting,  | Resolution:  fixed
  TorBrowserTeam201606R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Seems we are done here as well. tor-browser-45.2.0esr-6.5-1 has the
 changes (commits f2291c41ff45ff3108ef05539fadf7fafac2e7cd and
 0f601022eee81c9a0d2fd94a59e4719163d155e4).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:7 arthuredelstein]:
 > Replying to [comment:6 mcs]:
 > > Replying to [comment:4 gk]:
 > > > Hm. `new Date.getTime()` gives me something like 1467036079100 and
 `Math.floor(new File([], "").lastModified / 10) * 10)`
 146703610 or 146703640 or something similar. It seems your code is
 not rounding to 100ms?
 > >
 > > The units for mLastModificationDate are microseconds, so part of the
 patch will need to be changed.
 >
 > Thanks everyone for having a look at this patch. I used 10 exactly
 because that mLastModificationDate variable is in microseconds, so my
 feeling is the patch is correct. What part do you have in mind that needs
 to be changed?
 >
 > Here are relevant lines from the mochitest on OS X. I think it is
 correctly rounding to the most recent 100 ms.
 > {{{
 > 7 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new
 Date().getTime()' should be rounded to nearest 100 ms; saw 1467057044400
 > [snip]
 > 13 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
 "").lastModified' should be rounded to nearest 100 ms; saw 1467057044500
 > 14 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
 "").lastModifiedDate.getTime()' should be rounded to nearest 100 ms; saw
 1467057044500
 > }}}

 Interesting. I assumed testing in the scratchpad of an unpatched Tor
 Browser would be enough in a first pass. But it seems I was wrong for some
 reason. I've built the patch and verified that it is working. Thus, looks
 fine to me.

 > > I am not sure how to fix the tests to detect when values are rounded
 too much. Maybe by using a real file with a known modified date?
 >
 > If we bind this behavior to a pref (perhaps in the upstreamed version)
 and then measure the same value with pref on and off, it should be
 possible to test that the two values are within 100 ms. But since we don't
 have that pref right now, I would be inclined to just do manual tests for
 now.

 Sounds good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:7 arthuredelstein]:
 > Thanks everyone for having a look at this patch. I used 10 exactly
 because that mLastModificationDate variable is in microseconds, so my
 feeling is the patch is correct. What part do you have in mind that needs
 to be changed?

 Hmm. On second thought, I think your patch is correct. I will try to
 compile and run it later, unless GeKo has second thoughts about the
 problem he saw.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by arthuredelstein):

 Replying to [comment:6 mcs]:
 > Replying to [comment:4 gk]:
 > > Hm. `new Date.getTime()` gives me something like 1467036079100 and
 `Math.floor(new File([], "").lastModified / 10) * 10)`
 146703610 or 146703640 or something similar. It seems your code is
 not rounding to 100ms?
 >
 > The units for mLastModificationDate are microseconds, so part of the
 patch will need to be changed.

 Thanks everyone for having a look at this patch. I used 10 exactly
 because that mLastModificationDate variable is in microseconds, so my
 feeling is the patch is correct. What part do you have in mind that needs
 to be changed?

 Here are relevant lines from the mochitest on OS X. I think it is
 correctly rounding to the most recent 100 ms.
 {{{
 7 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new
 Date().getTime()' should be rounded to nearest 100 ms; saw 1467057044400
 [snip]
 13 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
 "").lastModified' should be rounded to nearest 100 ms; saw 1467057044500
 14 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
 "").lastModifiedDate.getTime()' should be rounded to nearest 100 ms; saw
 1467057044500
 }}}

 > I am not sure how to fix the tests to detect when values are rounded too
 much. Maybe by using a real file with a known modified date?

 If we bind this behavior to a pref (perhaps in the upstreamed version) and
 then measure the same value with pref on and off, it should be possible to
 test that the two values are within 100 ms. But since we don't have that
 pref right now, I would be inclined to just do manual tests for now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:4 gk]:
 > Hm. `new Date.getTime()` gives me something like 1467036079100 and
 `Math.floor(new File([], "").lastModified / 10) * 10)`
 146703610 or 146703640 or something similar. It seems your code is
 not rounding to 100ms?

 The units for mLastModificationDate are microseconds, so part of the patch
 will need to be changed.

 I am not sure how to fix the tests to detect when values are rounded too
 much. Maybe by using a real file with a known modified date?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-
Changes (by gk):

 * cc: mcs, brade (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by gk):

 Hm. `new Date.getTime()` gives me something like 1467036079100 and
 `Math.floor(new File([], "").lastModified / 10) * 10)`
 146703610 or 146703640 or something similar. It seems your code is
 not rounding to 100ms?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201606R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-fingerprinting, TorBrowserTeam201506R => tbb-
 fingerprinting, TorBrowserTeam201606R


Comment:

 We already have 2016. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201506R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  accepted => needs_review
 * keywords:  tbb-fingerprinting, TorBrowserTeam201506 => tbb-
 fingerprinting, TorBrowserTeam201506R


Comment:

 Here are two patches for review:

 https://github.com/arthuredelstein/tor-browser/commits/19478

 505c4469c4a93cbf1154db8449424f9cce3ff866 (fix)
 a2f2e8079531a9437000ce522632dd8f4496429e (regression test)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  accepted
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201506   | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-
Changes (by arthuredelstein):

 * owner:  tbb-team => arthuredelstein
 * status:  new => accepted


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time

[Tor Bug Tracker & Wiki]

#19478: File API leaks ms-resolution time
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-fingerprinting,
 Severity:  Normal   |  TorBrowserTeam201506
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The following calls leak time to content scripts:

 {{{
 new File([], "").lastModifiedDate
 new File([], "").lastModified
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs