WordPress.org

Make WordPress Core

Changes between Initial Version and Version 10 of Ticket #42428


Ignore:
Timestamp:
03/02/2018 01:42:43 AM (4 years ago)
Author:
pento
Comment:

There's an ongoing discussion to add an appropriate flag to the permissions API. Firefox will hopefully be implementing this flag.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #42428

    • Property Version changed from trunk to 4.1.2
    • Property Milestone changed from Awaiting Review to Future Release
  • Ticket #42428 – Description

    initial v10  
    33wp-emoji uses a technique that’s often used by trackers for fingerprinting clients: reading canvas pixel data. For them, differences in OS and graphics drivers can lead to subtle differences when text is rendered to a canvas. This means that when they hash data read out of the canvas with text on they have another datapoint to identify a client.
    44
    5 To work around this, Firefox has recently uplifted a technique from TOR Browser. If you visit a site that tries to do this it’ll pop open a hanger asking for the user’s permission. You can test this by downloading a copy of Firefox Nightly, going to about:config and setting privacy.resistFingerprinting to true. Which brings us on to Wordpress…
     5To work around this, Firefox has recently uplifted a technique from TOR Browser. If you visit a site that tries to do this it’ll pop open a hanger asking for the user’s permission. You can test this by downloading a copy of Firefox Nightly, going to about:config and setting privacy.resistFingerprinting to true. Which brings us on to WordPress…
    66
    77Unfortunately the default wp-emoji package also uses this technnique, which triggers a browser warning on a large number of sites I visit on a daily basis. While I doubt that Wordpress is using this for user tracking, it means that sites that are being nefarious get lost in the Wordpress noise. This is a shame, but also I would imagine that it would be hard for Firefox to turn this on by default given the number of sites out there using Wordpress.