Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The extension forcefully override navigator.hardwareConcurrency #2375

Open
kaplun opened this issue Dec 8, 2023 · 1 comment
Open

The extension forcefully override navigator.hardwareConcurrency #2375

kaplun opened this issue Dec 8, 2023 · 1 comment

Comments

@kaplun
Copy link

kaplun commented Dec 8, 2023
edited

Description

When using DuckDuckGo Privacy Extension, the extension forcefully overrides the navigator.hardwareConcurrency information provided by the browser. This in turns causes many websites, services and extensions that probe this number to actually under-perform as they are going to assume there are only 2 CPU Logical Cores available instead of the actual number.

Steps to Reproduce

  1. Have DuckDuckGo Privacy Extension enabled
  2. Download e.g. some large files previously uploaded on https://drive.proton.me (Proton Drive employes parallelization in order to optimize download speed and decryption of e2ee files. With the extension enabled network utilization is suboptimal because only one block at a time is downloaded, instead of multiple parallel blocks.

Expected behavior:
Given how critical this number is for performance I'd expect as a user to have control whether this value is overridden by the extension or rather the real number of logical cores is exposed

Actual behavior:

Versions

  • Extension: 2023.11.17
  • Browser: Firefox (but actually any browser)
  • OS: Windows (but actually any OS)

Additional Information

The actual line enforcing this is here: https://github.com/search?q=repo%3Aduckduckgo%2Fduckduckgo-privacy-extension%20hardwareConcurrency&type=code
@sammacbeth sammacbeth mentioned this issue Dec 27, 2023
Merged
@sammacbeth
Copy link
Collaborator

Thanks for filing this. This is one of our fingerprinting protections - we fix this, and several other hardware values to the same value for all users to make it so this cannot be used for fingerprinting by trackers. Your example on proton.me seems to be a rare example of a site using navigator.hardwareConcurrency for its actual purpose, rather than fingerprinting, and our chosen value for it may be a bit low for most extension users.

I've opened duckduckgo/privacy-configuration#1679 to mitigate the issue on proton.me, and opened a task internally to discuss how to deal with valid usages of this API. If you know of other sites with issues, please let us know so we can mitigate any issues there too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kaplun @sammacbeth