Fingerprinting APIs #12060

Open
patmmccann opened this issue Jul 30, 2024 · 9 comments

@patmmccann
Collaborator

patmmccann commented Jul 30, 2024

https://github.com/duckduckgo/tracker-radar/blob/main/build-data/generated/api_fingerprint_weights.json#L97 indicates which APIs are used for fingerprinting.

Prebid gets flagged as "3" which is definitely a printer https://github.com/duckduckgo/tracker-radar/blob/main/docs/DATA_MODEL.md

These results are used by Safari to identify trackers and prevent their calls in private mode https://webkit.org/blog/15697/private-browsing-2-0/

Should we ban these functions in use by Baidu and Teads?
https://github.com/search?q=repo%3Aprebid%2FPrebid.js%20deviceMemory&type=code
https://github.com/search?q=repo%3Aprebid%2FPrebid.js+hardwareconcurrency&type=code

The latter is useful for bot detection, I think? Teads and Baidu teams, could you elaborate on your use case?

@patmmccann
Collaborator Author

we should try and add some of the worst functions to the linting rules

@patmmccann patmmccann moved this from Triage to Needs Req in Prebid.js Tactical Issues table Jul 31, 2024
@patmmccann
Collaborator Author

Noted in committee, it can be hard to get off these lists

@github-baptiste-haudegand
Contributor

Hello! On behalf of Teads, we are starting to look into this issue and we will keep you posted once we have more information.

Thanks,

@github-saad-elmahfoudi
Contributor

Hello,
On Teads side, these features are not at all used for fingerprinting. They're used exclusively to better calibrate our machine learning models for delivery. So the knowledge we get from them is only if an ad will deliver better on a type of environment (device memory, hardware concurrency, ...). Is it mandatory to remove these features from our connector even if our use case does not fall in the category of fingerprinting?
Thank you!

@SylviaF
Contributor

SylviaF commented Aug 2, 2024

Hi, on Baidu side, we’ve found that we did retrieve device memory, but we didn't use it for fingerprinting. We plan to submit a PR deprecating that code by next Wednesday.

@patmmccann
Collaborator Author

patmmccann commented Aug 2, 2024

@github-saad-elmahfoudi discussion is ongoing, there is no policy, we're just asking what the use is so far

Also, turns out my Mom was right, I am special: amiunique.com

@patmmccann
Collaborator Author

One requirement from discussion: add a lot more functions to the CodeQL scanner. Add some documentation disclosures.

@patmmccann patmmccann moved this from Needs Req to Ready for Dev in Prebid.js Tactical Issues table Aug 14, 2024
@jdwieland8282
Member

And notify code reviews when PRs come in when the adapter has a score greater than x? 50? What sounds reasonable, @dgirardi?

@dgirardi
Collaborator

weights from the OP, in order:

{
    "KeyboardEvent.prototype.code": 0,
    "TouchEvent.prototype.constructor": 0,
    "CookieStore.prototype.getAll": 0.03,
    "Animation.prototype.startTime": 0.35,
    "CookieStore.prototype.set": 0.43,
    "Document.prototype.interestCohort": 0.7,
    "Event.prototype.timeStamp": 0.77,
    "Navigator.prototype.userAgent": 1.44,
    "Date.prototype.getTime": 1.73,
    "Document.cookie getter": 1.96,
    "CookieStore.prototype.get": 2.29,
    "NavigatorUAData.prototype.getHighEntropyValues": 2.41,
    "Document.cookie setter": 2.66,
    "window.localStorage": 2.88,
    "Navigator.prototype.javaEnabled": 3.15,
    "Navigator.prototype.presentation": 3.29,
    "window.sessionStorage": 4.36,
    "Navigator.prototype.language": 4.66,
    "HTMLMediaElement.prototype.canPlayType": 4.75,
    "URL.createObjectURL": 4.95,
    "window.name": 5.39,
    "Navigator.prototype.product": 5.55,
    "Navigator.prototype.vendor": 5.59,
    "Screen.prototype.width": 5.66,
    "Screen.prototype.height": 5.76,
    "NavigatorUAData.prototype.platform": 6.09,
    "PerformanceTiming.prototype.navigationStart": 6.16,
    "NavigatorUAData.prototype.brands": 6.17,
    "window.matchMedia(\"prefers-color-scheme\")": 6.31,
    "Navigator.prototype.appVersion": 6.48,
    "Navigator.prototype.plugins": 6.67,
    "speechSynthesis.__proto__.getVoices": 6.74,
    "Navigator.prototype.appName": 7.72,
    "window.innerWidth": 7.95,
    "BroadcastChannel.prototype.constructor": 8.05,
    "Navigator.prototype.platform": 8.72,
    "window.innerHeight": 8.83,
    "Element.prototype.getClientRects": 8.89,
    "Animation.prototype.currentTime": 9.5,
    "console.memory": 9.69,
    "Navigator.prototype.doNotTrack": 10.59,
    "Performance.prototype.memory": 11.38,
    "Navigator.prototype.requestMediaKeySystemAccess": 11.58,
    "Navigator.prototype.languages": 11.67,
    "Navigator.prototype.mimeTypes": 12.34,
    "KeyboardEvent.prototype.keyCode": 12.81,
    "Navigator.prototype.maxTouchPoints": 12.85,
    "Notification.permission": 13.16,
    "Navigator.prototype.cookieEnabled": 14.16,
    "BarProp.prototype.visible": 14.5,
    "document.fonts.check": 14.67,
    "MediaSource.isTypeSupported": 14.91,
    "Screen.prototype.colorDepth": 15,
    "Navigator.prototype.connection": 15.09,
    "Date.prototype.getTimezoneOffset": 15.51,
    "window.indexedDB": 19.13,
    "Intl.DateTimeFormat.prototype.resolvedOptions": 19.55,
    "Navigator.prototype.onLine": 21.05,
    "window.devicePixelRatio": 21.48,
    "Navigator.prototype.webkitTemporaryStorage": 22.56,
    "WebGLRenderingContext.prototype.getExtension": 27.99,
    "WebGLRenderingContext.prototype.getParameter": 28.93,
    "HTMLCanvasElement.prototype.toBlob": 30.48,
    "Screen.prototype.orientation": 30.62,
    "CanvasRenderingContext2D.prototype.getImageData": 31.78,
    "RTCPeerConnection.prototype.constructor": 34.05,
    "AudioWorkletNode.prototype.constructor": 34.17,
    "CanvasRenderingContext2D.prototype.measureText": 39.1,
    "Screen.prototype.pixelDepth": 39.87,
    "Navigator.prototype.webdriver": 40.3,
    "Navigator.prototype.getGamepads": 41.79,
    "Navigator.prototype.permissions": 46.67,
    "RTCPeerConnectionIceEvent.prototype.candidate": 48.29,
    "HTMLCanvasElement.prototype.toDataURL": 56.69,
    "Screen.prototype.availWidth": 57.48,
    "Screen.prototype.availHeight": 65.65,
    "SharedWorker.prototype.constructor": 77.09,
    "Navigator.prototype.deviceMemory": 77.73,
    "WebGL2RenderingContext.prototype.getShaderPrecisionFormat": 82.3,
    "window.outerWidth": 93.81,
    "WebGL2RenderingContext.prototype.getExtension": 97.73,
    "Navigator.prototype.storage": 104.16,
    "Sensor.prototype.start": 105.92,
    "Navigator.prototype.getBattery": 110.74,
    "WebGL2RenderingContext.prototype.getContextAttributes": 111.65,
    "WebGL2RenderingContext.prototype.getParameter": 123.53,
    "Navigator.prototype.appCodeName": 126.07,
    "Navigator.prototype.hardwareConcurrency": 126.62,
    "DeviceMotionEvent.prototype.rotationRate": 140.08,
    "WebGL2RenderingContext.prototype.readPixels": 143.15,
    "Navigator.prototype.mediaDevices": 143.39,
    "Navigator.prototype.webkitPersistentStorage": 148.84,
    "DeviceMotionEvent.prototype.acceleration": 154.46,
    "window.screenX": 164.78,
    "window.screenY": 170.69,
    "window.outerHeight": 177.73,
    "window.openDatabase": 184.71,
    "window.screenLeft": 185.53,
    "window.screenTop": 195.93,
    "DeviceOrientationEvent.prototype.absolute": 243.44,
    "Navigator.prototype.productSub": 244.99,
    "MediaDevices.prototype.enumerateDevices": 295.05,
    "Navigator.prototype.mediaCapabilities": 297.08,
    "Screen.prototype.availLeft": 316.11,
    "DeviceMotionEvent.prototype.accelerationIncludingGravity": 401.45,
    "DeviceOrientationEvent.prototype.alpha": 491.03,
    "WebGLRenderingContext.prototype.readPixels": 573.35,
    "WebGLRenderingContext.prototype.getShaderPrecisionFormat": 577.23,
    "Screen.prototype.availTop": 697.25,
    "WebGL2RenderingContext.prototype.getSupportedExtensions": 708.95,
    "AudioBuffer.prototype.getChannelData": 731.13,
    "DeviceOrientationEvent.prototype.gamma": 854.41,
    "OfflineAudioContext.prototype.constructor": 881.88,
    "DeviceOrientationEvent.prototype.beta": 969.11,
    "WebGLRenderingContext.prototype.getSupportedExtensions": 1531.25,
    "Navigator.prototype.vendorSub": 2143.79,
    "Navigator.prototype.keyboard": 2216.74,
    "WebGLRenderingContext.prototype.getContextAttributes": 2533.19,
    "CanvasRenderingContext2D.prototype.isPointInPath": 4450.94,
    "Gyroscope.prototype.x": 4450.94,
    "Gyroscope.prototype.y": 4450.94,
    "Gyroscope.prototype.z": 4450.94,
    "Gyroscope.prototype.constructor": 4450.94
}

"window.devicePixelRatio" (21.48) to me seems like the last "legitimate" api, but I don't know.

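The lint rule and the "score greater than x" review trigger discussed in this thread, sketched as an added example that is not part of the issue or of Prebid.js: a text heuristic that sums the quoted weights for each listed API an adapter's source touches. The weight subset is copied from the list above; the threshold of 50, the adapter names and sources, and summing as the scoring rule are assumptions.

```javascript
// Added example: text heuristic, not Prebid.js code or its CodeQL query.
// Weights are a subset copied from the list in this thread.
const WEIGHTS = {
  "Navigator.prototype.userAgent": 1.44,
  "Navigator.prototype.language": 4.66,
  "window.devicePixelRatio": 21.48,
  "HTMLCanvasElement.prototype.toDataURL": 56.69,
  "Navigator.prototype.deviceMemory": 77.73,
  "Navigator.prototype.hardwareConcurrency": 126.62,
};
// Assumed threshold: the thread floats "50?" without settling on a value.
const REVIEW_THRESHOLD = 50;

// Blank out comments so a commented-out access does not count.
// [^:] keeps the "//" inside URLs such as "https://..." intact.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, " ").replace(/(^|[^:])\/\/[^\n]*/g, "$1 ");
}

// Sum the weights of every listed API the source touches (assumed scoring rule).
function scoreSource(src) {
  const code = stripComments(src);
  const hits = Object.entries(WEIGHTS).filter(([api]) => {
    const name = api.split(".").pop(); // "Navigator.prototype.x" -> "x"
    // Matches dot access (.x) and quoted bracket access (['x']).
    const re = new RegExp(`\\.\\s*${name}\\b|\\[\\s*['"]${name}['"]\\s*\\]`);
    return re.test(code);
  });
  const raw = hits.reduce((sum, [, weight]) => sum + weight, 0);
  return {
    apis: hits.map(([api]) => api),
    score: Math.round(raw * 100) / 100,
    needsReview: raw > REVIEW_THRESHOLD,
  };
}

// Constructed adapter sources, not taken from any real bidder adapter.
const SAMPLE_ADAPTERS = {
  exampleA: `
    // navigator.hardwareConcurrency was removed in review
    const ua = navigator.userAgent, lang = navigator.language;
    const url = "https://example.invalid/bid", dpr = window.devicePixelRatio;`,
  exampleB: `
    const nav = window.navigator;
    payload.dm = nav.deviceMemory;
    payload.hc = nav['hardwareConcurrency'];`,
};

for (const [n, s] of Object.entries(SAMPLE_ADAPTERS)) console.log(n, scoreSource(s));
```

Matching on the member name alone also flags unrelated objects that happen to have a `.language` or similar property, which is the gap a type-aware CodeQL query would close.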