On Sat, Oct 29, 2016 at 7:21 AM, Kohei Yoshino <kohei.yosh...@gmail.com> wrote:
> So the Battery Status API has just been removed, I think now is a good
> time to think about navigator.buildID again, which bug [1] has been
> inactive for a whole year.
>
> 4 years ago, Firefox 16 removed a minor version number from the user agent
> string to mitigate fingerprinting [2][3]. However, the build ID unique to
> each minor version is still exposed via the non-standard navigator.buildID
> property. Since trackers can easily retrieve build IDs from Mozilla Wiki
> [4] to map them to minor version numbers, the fix in Firefox 16 was totally
> meaningless.
>
> There were some legitimate use cases on Mozilla properties, for example,
> warning visitors who are using an outdated Firefox, but those usages have
> been replaced with the UITour API [5]. A comment in the bug [1] explains
> that Netflix was also using the build ID to detect a specific playback bug
> in Firefox, but it's probably no longer relevant. Given that, I believe
> the buildID property should be removed, or at least made chrome-only.
>
> Thoughts?
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=728831
> [3] https://www.fxsitecompat.com/en-CA/docs/2012/ua-string-no-longer-contains-patch-level-version-number/
> [4] https://wiki.mozilla.org/Releases/Firefox_49/Test_Plan#Milestones
> [5] https://bedrock.readthedocs.io/en/latest/uitour.html

This is buried in bug 583181, but since Mozilla only ships ~1 build per version+platform, the buildID adds little fingerprinting potential to binaries that Mozilla distributes. The main fingerprinting concern is around Firefox builds not produced by Mozilla. e.g. if you compile Firefox from source, your buildID has a good chance of being unique. There is also an increased fingerprinting risk on channels like Nightly with lower distribution. However, this may be offset by those channels updating daily and not providing a stable fingerprint to anchor off of.

A compromise position might be to require a configure flag to enable navigator.buildID (or enable it being non-static). The flag would be disabled by default but enabled in Mozilla's distributed builds. Downstream builders would have to explicitly enable it. We could also only enable "real buildID" on Nightly and Aurora channels, since there appears to be some benefit to this API there.
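
The anonymity-set argument in the reply above, worked through as an added example (not part of the original thread and not Mozilla code). The visitor population, the build ID values and the function names are all constructed for illustration; it measures how many bits navigator.buildID adds beyond what the user agent string already reveals.

```javascript
// Constructed sample population: each entry is one visitor as a site sees it.
// "ua" stands for what the UA string already reveals (major version and
// platform); the build IDs are made-up timestamps, not real Firefox builds.
const visitors = [
  // Mozilla-distributed release builds: one build ID per version+platform.
  ...Array(6).fill({ ua: "Firefox/49.0 Windows", buildID: "20160101000001" }),
  ...Array(4).fill({ ua: "Firefox/49.0 Linux", buildID: "20160101000002" }),
  // A point release on the same major version (the split the UA string hides).
  ...Array(3).fill({ ua: "Firefox/49.0 Windows", buildID: "20160201000001" }),
  // Self-compiled builds: each carries its own build timestamp.
  { ua: "Firefox/49.0 Linux", buildID: "20160115093012" },
  { ua: "Firefox/49.0 Linux", buildID: "20160117221140" },
];

function countBy(items, keyFn) {
  const counts = new Map();
  for (const item of items) {
    const k = keyFn(item);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  return counts;
}

function entropyBits(counts, total) {
  let h = 0;
  for (const n of counts.values()) h -= (n / total) * Math.log2(n / total);
  return h;
}

// Information buildID adds once the UA string is known:
// H(buildID | ua) = H(ua, buildID) - H(ua).
function extraBitsFromBuildID(pop) {
  const joint = countBy(pop, v => `${v.ua}|${v.buildID}`);
  const uaOnly = countBy(pop, v => v.ua);
  return entropyBits(joint, pop.length) - entropyBits(uaOnly, pop.length);
}

// Size of the crowd each visitor hides in, without and with buildID exposed.
function anonymitySets(pop) {
  const joint = countBy(pop, v => `${v.ua}|${v.buildID}`);
  const uaOnly = countBy(pop, v => v.ua);
  return pop.map(v => ({ buildID: v.buildID, withoutBuildID: uaOnly.get(v.ua),
                         withBuildID: joint.get(`${v.ua}|${v.buildID}`) }));
}

// Visitors whose UA + buildID pair is shared with nobody else in the sample.
function uniquelyIdentified(pop) {
  return anonymitySets(pop).filter(s => s.withBuildID === 1).map(s => s.buildID);
}
```

On this sample, the stock builds stay in groups of several visitors, while the two self-compiled builds drop from a crowd of six to a crowd of one.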