js-shield
[New GUI] Wrapper groups


From: Libor Polčák
Subject: [New GUI] Wrapper groups
Date: Mon, 6 Sep 2021 15:59:19 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.9

Re: Development meeting minutes 23/Aug/2021
   * We discuss UI proposal
     * group wrappers by feature that the end user may want to enable,
instead of grouping by type of attack.

Hello all,

we discussed that we should revisit the groups that we have now for the new UI.

Let's start with what we have right now:


Group name: time_precision
Manipulate the time precision provided by Date and performance
Wrappers: 
Performance.prototype.now,PerformanceEntry.prototype,window.Date,Event.prototype.timeStamp,Gamepad.prototype.timestamp,VRFrameData.prototype.timestamp


Group name: htmlcanvaselement
Protect against canvas fingerprinting
Wrappers: 
CanvasRenderingContext2D.prototype.getImageData,HTMLCanvasElement.prototype.toBlob,HTMLCanvasElement.prototype.toDataURL,OffscreenCanvas.prototype.convertToBlob,CanvasRenderingContext2D.prototype.isPointInStroke,CanvasRenderingContext2D.prototype.isPointInPath


Group name: audiobuffer
Protect against audio fingerprinting
Wrappers: 
AudioBuffer.prototype.getChannelData,AudioBuffer.prototype.copyFromChannel,AnalyserNode.prototype.getByteTimeDomainData,AnalyserNode.prototype.getFloatTimeDomainData,AnalyserNode.prototype.getByteFrequencyData,AnalyserNode.prototype.getFloatFrequencyData


Group name: webgl
Protect against webgl fingerprinting
Wrappers: 
WebGLRenderingContext.prototype.getParameter,WebGL2RenderingContext.prototype.getParameter,WebGLRenderingContext.prototype.getFramebufferAttachmentParameter,WebGL2RenderingContext.prototype.getFramebufferAttachmentParameter,WebGLRenderingContext.prototype.getActiveAttrib,WebGL2RenderingContext.prototype.getActiveAttrib,WebGLRenderingContext.prototype.getActiveUniform,WebGL2RenderingContext.prototype.getActiveUniform,WebGLRenderingContext.prototype.getAttribLocation,WebGL2RenderingContext.prototype.getAttribLocation,WebGLRenderingContext.prototype.getBufferParameter,WebGL2RenderingContext.prototype.getBufferParameter,WebGLRenderingContext.prototype.getProgramParameter,WebGL2RenderingContext.prototype.getProgramParameter,WebGLRenderingContext.prototype.getRenderbufferParameter,WebGL2RenderingContext.prototype.getRenderbufferParameter,WebGLRenderingContext.prototype.getShaderParameter,WebGL2RenderingContext.prototype.getShaderParameter,WebGLRenderingContext.prototype.getShaderPrecisionFormat,WebGL2RenderingContext.prototype.getShaderPrecisionFormat,WebGLRenderingContext.prototype.getTexParameter,WebGL2RenderingContext.prototype.getTexParameter,WebGLRenderingContext.prototype.getUniformLocation,WebGL2RenderingContext.prototype.getUniformLocation,WebGLRenderingContext.prototype.getVertexAttribOffset,WebGL2RenderingContext.prototype.getVertexAttribOffset,WebGLRenderingContext.prototype.getSupportedExtensions,WebGL2RenderingContext.prototype.getSupportedExtensions,WebGLRenderingContext.prototype.getExtension,WebGL2RenderingContext.prototype.getExtension,WebGLRenderingContext.prototype.readPixels,WebGL2RenderingContext.prototype.readPixels


Group name: plugins
Protect against plugin fingerprinting
Wrappers: navigator.plugins


Group name: enumerateDevices
Prevent fingerprinting based on the multimedia devices connected to the computer
Wrappers: MediaDevices.prototype.enumerateDevices


Group name: hardware
Spoof hardware information to the most popular HW
Wrappers: navigator.hardwareConcurrency,navigator.deviceMemory


Group name: xhr
Filter XMLHttpRequest requests
Wrappers: XMLHttpRequest.prototype.open,XMLHttpRequest.prototype.send


Group name: arrays
Protect against ArrayBuffer exploitation
Wrappers: 
window.DataView,window.Uint8Array,window.Int8Array,window.Uint8ClampedArray,window.Int16Array,window.Uint16Array,window.Int32Array,window.Uint32Array,window.Float32Array,window.Float64Array


Group name: shared_array
Protect against SharedArrayBuffer exploitation:
Wrappers: window.SharedArrayBuffer


Group name: webworker
Protect against WebWorker exploitation
Wrappers: window.Worker


Group name: geolocation
Geolocation API wrapping
Wrappers: 
navigator.geolocation,navigator.geolocation.getCurrentPosition,navigator.geolocation.watchPosition,navigator.geolocation.clearWatch


Group name: gamepads
Prevent websites from learning information on local gamepads
Wrappers: navigator.getGamepads


Group name: vr
Prevent websites from learning information on local Virtual Reality displays
Wrappers: navigator.activeVRDisplays,navigator.xr


Group name: analytics
Prevent sending analytics through Beacon API
Wrappers: navigator.sendBeacon


Group name: battery
Disable Battery status API
Wrappers: navigator.getBattery


Group name: windowname
Clear window.name value on the webpage loading
Wrappers: window.name



I see some related groups which can be maybe simplified. Let's go through the 
current groups. All proposed levels of mitigation below are supported by 
current wrappers.

time_precision can be called "Precise time measurement"
We can offer 4 levels:
off: No rounding applied
low/simple: Round to hundredths of a second (1.230)
medium: Round to tenths of a second (1.200)  - maybe skip this option to limit 
possibilities?
high/strict: Round to full seconds (1.000) and randomize

htmlcanvaselement, webgl can be merged into "Advanced graphics"
We can offer three levels:
off: no protection
white lies: small changes to the provided information with small impact on 
functionality
strict: limit the provided data as much as possible

audiobuffer: Audio processing
We can offer three levels:
off: no protection
white lies: small changes to the provided information with small impact on 
functionality
strict: limit the provided data as much as possible

enumerateDevices can be renamed to Audio and video input
We can offer four levels:
off: no changes
medium/keep functionality: Add 0-4 fake devices and randomize order
high/strict: Do not return any device


arrays and shared_array could form a new group but I am not sure on the name so 
that an uninformed user knows when to edit the setting
We can prevent three levels of protection: off/simple/strict


geolocation can be renamed to Real-world location
We can offer following levels:
precise location: no interference
small: Either "Use accuracy of hundreds of meters" or "Use accuracy of 
kilometers"
medium: Either "Use accuracy of tens of kilometers" or "Use accuracy of hundreds of 
kilometers"
do not provide: "Turn location services off"


We can keep gamepads and virtual reality (VR) separate but from reading the 
docs it seems that VR depends on gamepads. On the other hand using gamepads 
does not necessarily mean that I want to offer information on VR. Do we want to 
provide such relation? How to represent them in GUI?
We should provide on/off levels


analytics can be called analytics or we can rename to Beacons or do you have a 
better name?
We should provide on/off levels


I am not sure about what to do with the following:

* webworker - how to explain to a user without detailed knowledge? We implement 
two counter-measures
* hardware, plugins, battery - how many groups do we create (1/2/3?), how to 
explain to a user without detailed knowledge?
* windowname - on/off, how to explain to a user without detailed knowledge?
* xhr - I do not know if we want to keep this wrapper. It does not prevent the 
page from using Fetch API, RTC and other methods.

If you have better ideas, please share.

Regards

Libor
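
The time_precision levels proposed in the message above, as an added example that is not part of the original e-mail and is not the project's own wrapper code. The names `PRECISION_MS`, `roundTimestamp` and `wrapClock` are hypothetical, and rounding down, the noise range and the monotonic clamp at the strict level are assumptions, since the message only says "round" and "randomize".

```javascript
// Added example (not the project's code). Granularity of each proposed level,
// in milliseconds: hundredths, tenths and full seconds.
const PRECISION_MS = { off: 0, low: 10, medium: 100, high: 1000 };

// Reduce a millisecond timestamp to the granularity of the chosen level.
// Assumption: round down, so a wrapped clock never reports a future time.
function roundTimestamp(ms, level) {
  const step = PRECISION_MS[level];
  if (step === undefined) throw new RangeError("unknown level: " + level);
  return step === 0 ? ms : Math.floor(ms / step) * step;
}

// Wrap a clock function such as () => performance.now().
// At "high" the rounded value gets noise in [0, 1000) ms (assumed scheme) and
// is clamped so that successive readings never decrease; without the clamp,
// two reads inside the same second could appear to run backwards.
function wrapClock(clock, level, rng = Math.random) {
  let last = -Infinity;
  return function wrappedNow() {
    let t = roundTimestamp(clock(), level);
    if (level === "high") {
      t += Math.floor(rng() * PRECISION_MS.high);
      t = Math.max(t, last);
      last = t;
    }
    return t;
  };
}

// Constructed sample: three raw readings and a fixed noise sequence.
function demo() {
  const raw = [1234.56, 1500, 2100];
  const noise = [0.9, 0.1, 0.5];
  let i = 0, j = 0;
  const strict = wrapClock(() => raw[i++], "high", () => noise[j++]);
  return {
    low: roundTimestamp(raw[0], "low"),       // 1.230 s in the message
    medium: roundTimestamp(raw[0], "medium"), // 1.200 s
    high: roundTimestamp(raw[0], "high"),     // 1.000 s before randomizing
    strictSeries: [strict(), strict(), strict()],
  };
}
```

The second strict reading would be 1100 ms after noise, lower than the first; the clamp holds it at the previous value instead.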
