commit aa954ad1f771bbd841b42bb72be4c55830dc3b09
parent b6938aa4847b44ca174ad510933208967096aef5
Author: Tom Ritter <tom@mozilla.com>
Date: Tue, 9 Dec 2025 16:34:57 +0000
Bug 1873716: Simplify the fingerprinting content blocking log logic r=timhuang
Presently we use CheckSuspiciousFingerprintingActivity to see
if the number of fingerprinting activities exceed a theshold
and if so, we indicate that an entry has suspicious fingerprinting.
That threshold is 1. And we don't have any plans to adjust it.
So we can just remove the check altogether: if that function is
called, it is called immediately after creating or finding a log
of the two relevant types: Canvas or Font fingerprinting. So it
will _always_ return true.
SKIP_BMO_CHECK
Differential Revision: https://phabricator.services.mozilla.com/D273659
Diffstat:
3 files changed, 4 insertions(+), 59 deletions(-)
diff --git a/toolkit/components/antitracking/ContentBlockingLog.cpp b/toolkit/components/antitracking/ContentBlockingLog.cpp
@@ -491,11 +491,8 @@ ContentBlockingLog::OriginEntry* ContentBlockingLog::RecordLogInternal(
// been marked.
// TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
// out of here.
- if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
- aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
- !entry.mData->mHasSuspiciousFingerprintingActivity &&
- nsRFPService::CheckSuspiciousFingerprintingActivity(
- entry.mData->mLogs)) {
+ if (aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
+ aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) {
entry.mData->mHasSuspiciousFingerprintingActivity = true;
}
return &entry;
@@ -533,10 +530,8 @@ ContentBlockingLog::OriginEntry* ContentBlockingLog::RecordLogInternal(
// marked.
// TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
// out of here.
- if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
- aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
- nsRFPService::CheckSuspiciousFingerprintingActivity(
- entry->mData->mLogs)) {
+ if (aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
+ aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) {
entry->mData->mHasSuspiciousFingerprintingActivity = true;
}
}
diff --git a/toolkit/components/resistfingerprinting/nsRFPService.cpp b/toolkit/components/resistfingerprinting/nsRFPService.cpp
@@ -156,8 +156,6 @@ MOZ_RUNINIT const RFPTargetSet kDefaultFingerprintingProtections = {
#undef DESKTOP_DEFAULT
// NOLINTEND(bugprone-macro-parentheses)
-static constexpr uint32_t kSuspiciousFingerprintingActivityThreshold = 1;
-
// ============================================================================
// ============================================================================
// ============================================================================
@@ -2106,48 +2104,6 @@ static void MaybeCurrentCaller(nsACString& aFilename, uint32_t& aLineNum,
}
/* static */
-bool nsRFPService::CheckSuspiciousFingerprintingActivity(
- nsTArray<ContentBlockingLog::LogEntry>& aLogs) {
- if (aLogs.Length() == 0) {
- return false;
- }
-
- uint32_t cnt = 0;
- // We use these two booleans to prevent counting duplicated fingerprinting
- // events.
- bool foundCanvas = false;
- bool foundFont = false;
-
- // Iterate through the logs to see if there are suspicious fingerprinting
- // activities.
- for (auto& log : aLogs) {
- // If it's a known canvas fingerprinter, we can directly return true from
- // here.
- if (log.mCanvasFingerprinter &&
- (log.mCanvasFingerprinter.ref() ==
- ContentBlockingNotifier::CanvasFingerprinter::eFingerprintJS ||
- log.mCanvasFingerprinter.ref() ==
- ContentBlockingNotifier::CanvasFingerprinter::eAkamai)) {
- return true;
- } else if (!foundCanvas && log.mType ==
- nsIWebProgressListener::
- STATE_ALLOWED_CANVAS_FINGERPRINTING) {
- cnt++;
- foundCanvas = true;
- } else if (!foundFont &&
- log.mType ==
- nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) {
- cnt++;
- foundFont = true;
- }
- }
-
- // If the number of suspicious fingerprinting activity exceeds the threshold,
- // we return true to indicates there is a suspicious fingerprinting activity.
- return cnt > kSuspiciousFingerprintingActivityThreshold;
-}
-
-/* static */
bool nsRFPService::IsSystemPrincipalOrAboutFingerprintingProtection(
JSContext* aCx, JSObject* aObj) {
if (!NS_IsMainThread()) {
diff --git a/toolkit/components/resistfingerprinting/nsRFPService.h b/toolkit/components/resistfingerprinting/nsRFPService.h
@@ -390,12 +390,6 @@ class nsRFPService final : public nsIObserver, public nsIRFPService {
// --------------------------------------------------------------------------
- // A helper function to check if there is a suspicious fingerprinting
- // activity from given content blocking origin logs. It returns true if we
- // detect suspicious fingerprinting activities.
- static bool CheckSuspiciousFingerprintingActivity(
- nsTArray<ContentBlockingLog::LogEntry>& aLogs);
-
// Generates a fake media device name with given kind and index.
// Example: Internal Microphone
static void GetMediaDeviceName(nsString& aName,
