Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Round off high-resolution timers #15309

Merged
merged 8 commits into from
Oct 20, 2022
Merged

Round off high-resolution timers #15309

merged 8 commits into from
Oct 20, 2022

Conversation

arthuredelstein
Copy link
Collaborator

@arthuredelstein arthuredelstein commented Sep 30, 2022
edited
Loading

Includes rounding of DOMHighResTimeStamps and other timers with resolution higher than 1 ms.

Behind "BraveRoundTimeStamps" feature flag, enabled by default.

Resolves brave/brave-browser#24681

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@arthuredelstein arthuredelstein requested a review from a team as a code owner September 30, 2022 23:48
@github-actions github-actions bot added the CI/run-network-audit Run network-audit label Sep 30, 2022
goodov
goodov reviewed Oct 3, 2022
View reviewed changes
chromium_src/third_party/blink/common/features.cc Outdated Show resolved Hide resolved
chromium_src/third_party/blink/renderer/core/timing/time_clamper.cc Outdated Show resolved Hide resolved
chromium_src/third_party/blink/renderer/core/timing/time_clamper.cc Outdated Show resolved Hide resolved
chromium_src/third_party/blink/renderer/core/timing/time_clamper.cc Outdated Show resolved Hide resolved
chromium_src/third_party/blink/renderer/core/timing/time_clamper.h Outdated Show resolved Hide resolved
...ium_src/third_party/blink/renderer/modules/video_rvfc/video_frame_callback_requester_impl.cc Outdated Show resolved Hide resolved
chromium_src/third_party/blink/renderer/core/loader/document_load_timing.h Outdated Show resolved Hide resolved
@arthuredelstein arthuredelstein marked this pull request as draft October 4, 2022 07:23
@arthuredelstein arthuredelstein marked this pull request as ready for review October 10, 2022 06:03
@arthuredelstein arthuredelstein marked this pull request as draft October 15, 2022 05:50
@arthuredelstein arthuredelstein marked this pull request as ready for review October 18, 2022 03:29
goodov
goodov reviewed Oct 19, 2022
View reviewed changes
Copy link
Member

@goodov goodov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please rebase to latest master.

goodov
goodov approved these changes Oct 20, 2022
View reviewed changes
Copy link
Member

@goodov goodov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm with few nits.

chromium_src/third_party/blink/common/features.cc Show resolved Hide resolved
browser/brave_shields/brave_timestamp_rounding_browsertest.cc Outdated Show resolved Hide resolved
@arthuredelstein arthuredelstein merged commit 2f98d61 into master Oct 20, 2022
@arthuredelstein arthuredelstein deleted the issues/24681 branch October 20, 2022 22:15
@github-actions github-actions bot added this to the 1.47.x - Nightly milestone Oct 20, 2022
@outermeasure
Copy link

outermeasure commented Feb 26, 2023
edited
Loading

Why was privacy/security review skipped since this is a security feature? Does it actually increase security?

See discussion thread: w3c/hr-time#79
The official test for spectre is: https://wpt.live/hr-time/timing-attack.html, and Brave passes without the 1ms rounding.

The excessive rounding makes JS animations (ones that use requestAnimationFrame) janky and WebGL based browser games or apps unviable. I recommend going to 100 microseconds coarse resolution to be the same as Chrome.

Edit: Rounding to an integer is not helpful because an attacker can just repeat the timed operation 10^N times and find N decimals from performance.now().

@RazvanCalin13
Copy link

Why was privacy/security review skipped since this is a security feature? Does it actually increase security?

See discussion thread: w3c/hr-time#79 The official test for spectre is: https://wpt.live/hr-time/timing-attack.html, and Brave passes without the 1ms rounding.

The excessive rounding makes JS animations (ones that use requestAnimationFrame) janky and WebGL based browser games or apps unviable. I recommend going to 100 microseconds coarse resolution to be the same as Chrome.

Edit: Rounding to an integer is not helpful because an attacker can just repeat the timed operation 10^N times and find N decimals from performance.now().

Sounds like a solid reason to be dropping 'Brave' from the roster :)

@goodov
Copy link
Member

goodov commented Feb 28, 2023
edited
Loading

Why was privacy/security review skipped since this is a security feature? Does it actually increase security?

See discussion thread: w3c/hr-time#79 The official test for spectre is: https://wpt.live/hr-time/timing-attack.html, and Brave passes without the 1ms rounding.

The excessive rounding makes JS animations (ones that use requestAnimationFrame) janky and WebGL based browser games or apps unviable. I recommend going to 100 microseconds coarse resolution to be the same as Chrome.

Edit: Rounding to an integer is not helpful because an attacker can just repeat the timed operation 10^N times and find N decimals from performance.now().

@outermeasure
Can you share some examples please? We're trying to do the same thing Safari does, but maybe we're missing something. A simple https://codesandbox.io/ sketch with a clear reproduction would be amazing.

@bsclifton bsclifton mentioned this pull request Aug 13, 2024
Closed
25 tasks
@atuchin-m atuchin-m mentioned this pull request Sep 24, 2024
Closed
6 tasks
bridiver
bridiver reviewed Oct 9, 2024
View reviewed changes
browser/brave_shields/brave_timestamp_rounding_browsertest.cc
using blink::features::kBraveRoundTimeStamps;

class BraveTimeStampRoundingRenderViewTest
: public content::RenderViewTest,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you have a RenderViewTest in browser. This belongs in renderer

This was referenced Oct 13, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridiver bridiver bridiver left review comments

@goodov goodov goodov approved these changes

Assignees

@arthuredelstein arthuredelstein

Labels
CI/run-network-audit Run network-audit
Projects
None yet
Milestone
1.47.x - Release
Development

Successfully merging this pull request may close these issues.

[hackerone] performance.now and other timing APIs are fingerprinting vectors
5 participants
@arthuredelstein @outermeasure @RazvanCalin13 @goodov @bridiver