Re: Some Feature requests. from Doug Moen on 2019-08-08 (public-gpu@w3.org from August 2019)

From: Doug Moen <doug@moens.org>
Date: Thu, 08 Aug 2019 15:12:09 +0000
To: public-gpu@w3.org
Message-Id: <82d68dae-de5f-4a27-acc9-f5f559ab9f57@www.fastmail.com>

The GPU query function that Kevin requested should be added to WebGPU. If you look at the big picture, leaving it out doesn't add any real protection against browser fingerprinting.

The GPU query function that Kevin has asked for will have zero impact on the Tor browser's ability to block fingerprinting attempts. Tor can simply modify that API to return fake information (the same information for all browsers, regardless of the GPU).

Kevin needs an accurate characterization of the GPU hardware, so that he can make decisions about what algorithm to use for maximum performance. Kevin can obtain this accurate information regardless of whether WebGPU provides the API, but it is expensive, involving benchmarking.

The threat model we are protecting against (browser finger printing) has a much easier job than Kevin. A browser finger printer only cares that two GPUs are different, it doesn't care why they are different. The GPU fingerprint can be obtained in a lot of different ways, and the computation can be much cheaper.

One of the standard browser finger printing techniques is "Canvas fingerprinting" (https://browserleaks.com/canvas). This tests for variations in the way that 2D graphics are drawn into a canvas, and since web browsers typically use GPUs for 2D graphics now, it is actually an indirect way of fingerprinting the GPU without use the WebGL API. Tor already has a countermeasure for this. Tor can block the API calls required to deliver the canvas information to the attacker.

WebGL is another tool that can be used for browser fingerprinting. https://browserleaks.com/webgl

The two common techniques are the WebGL Report Hash and the WebGL Image hash.

The WebGL Report hash contains information like: what version of WebGL is available, what extensions are available, and information about the GPU and driver. WebGPU will provide similar information. If you can query whether the WebGPU API is available or not, what version of WebGPU is installed, and what extensions are available, you are already providing some information useful for fingerprinting. The addition of Kevin's GPU query API will add a few more bits of information.

There is nothing that the WebGPU committee can do to protect against WebGPU image hash fingerprinting in the WebGPU API design. And this attack provides the same information as Kevin's GPU query API. However, browsers like Tor can protect against this at a higher level.

An easy way to protect yourself against browser fingerprinting is to run an ad blocker. Canvas and WebGL fingerprinting require javascript in order to work. Ad blockers prevent javascript created by advertisers from running.

Received on Thursday, 8 August 2019 15:12:43 UTC