[w3c/permissions] A new permission for canvas data (#165)

Canvas can be (and is) used to fingerprint users, allowing (for example) ad agencies to track users even when they wipe their cookies and other persistent identifiers and change networks. (More information about this is available at https://en.wikipedia.org/wiki/Canvas_fingerprinting)

The fingerprinting ultimately arises by asking the canvas to render something, and then recording the resulting render using, for example, toDataURL or toBlob. Subtle differences in how the image is rendered can be unique to individual users, and are repeatable across time, network, and domain.

For a long time, Tor Browser has used a Permission Prompt to control access to these APIs; and more recently we (Mozilla) have adopted that patch and integrated it (behind a non-default preference). A downside of being more privacy conscious is that canvas use is prevalent throughout the web, and the permission prompt occurs quite a lot, and it's not possible to distinguish between benign uses of canvas (such as using it to check for emoji support) and tracking purposes.

However, we've spoken with the maintainer of the Wordpress emoji library (which is used quite a bit around the web) and they are willing to account for the Permission prompt if we can provide a way to query "Will you display a permission prompt" in JavaScript. We hope other large sites would consider doing the same.

Obviously the Permissions API is the best way to query "Will you show a permission prompt?"

So I'd like to standardize a new permission (perhaps 'canvas-pixeldata') that will state whether a UA will prompt for permission to access the canvas pixel APIs (toDataURL, toBlob, and maybe isPointInPath; the last one needs investigating).
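As an added example (not code from the issue, from Mozilla, or from any spec), here is how a site-side library such as an emoji-support check could consult the Permissions API for the proposed name before touching toDataURL/toBlob, so that a UA that would prompt is never asked. The permission name 'canvas-pixeldata' is only proposed above and is assumed here; `navigator.permissions` is passed in as a parameter so the logic can be exercised outside a browser with constructed stand-ins.

```javascript
// Hypothetical permission name: proposed in the issue, not in any shipped spec.
const CANVAS_PIXEL_PERMISSION = 'canvas-pixeldata';

// Ask the UA whether it would prompt before toDataURL/toBlob pixel reads.
// `permissions` is normally navigator.permissions; it is a parameter so the
// logic can run without a browser.
// Returns 'granted', 'prompt', 'denied', or 'unsupported' (no Permissions API,
// or a UA that does not know the name and rejects with a TypeError).
async function canvasPixelDataState(permissions) {
  if (!permissions || typeof permissions.query !== 'function') {
    return 'unsupported';
  }
  try {
    const status = await permissions.query({ name: CANVAS_PIXEL_PERMISSION });
    return status.state;
  } catch (err) {
    if (err instanceof TypeError) return 'unsupported';
    throw err; // anything else is a real failure; surface it
  }
}

// Policy for a benign check such as emoji-support detection: only read pixels
// when no prompt would appear. 'unsupported' is treated as "no prompt" on the
// assumption that a UA lacking this permission does not gate the APIs.
function shouldReadCanvasPixels(state) {
  return state === 'granted' || state === 'unsupported';
}

// Run `readPixels` (the callback that does the toDataURL/toBlob work) only when
// the policy allows; otherwise return `fallback` without ever triggering a prompt.
async function withCanvasPixels(permissions, readPixels, fallback) {
  const state = await canvasPixelDataState(permissions);
  return shouldReadCanvasPixels(state) ? readPixels() : fallback;
}

// Constructed stand-ins for navigator.permissions in three kinds of UA.
const uaThatPrompts = { query: async () => ({ state: 'prompt' }) };
const uaThatGranted = { query: async () => ({ state: 'granted' }) };
const uaWithoutName = {
  query: async () => { throw new TypeError('unknown permission name'); },
};

// Example use: on a prompting UA the emoji check is skipped instead of
// interrupting the user.
withCanvasPixels(uaThatPrompts, () => 'pixels read', 'skipped: would prompt')
  .then((result) => console.log(result)); // skipped: would prompt
```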

https://github.com/w3c/permissions/issues/165

Received on Monday, 18 December 2017 22:32:45 UTC