2 May
2020
2 May
'20
4:03 a.m.
--[ Response to comments on (2)
I really like the "fingerprinting-tainting" idea. Perhaps it would be worthwhile to implement this behind a default-off pref and conduct a study (and, of course, try to attack it.)
Tom: What do you think?
I think the idea that the sites might be doing drawImage -> toDataURL is worth investigating.
I think we should try to implement the most conservative choice that fixes these instances we know of; so I think the next step is to dig into what's happening on these sites: what's written to the canvas, and why/how they're extracting it.
-tom