Enabling webauth on Mullvad browser

Parish2555 · December 1, 2023, 6:20pm

Does enabling webauth to use my yubikey to login to sites when using the browser make my fingerprint so unique as to defeat the purpose of using the browser?

Redoomed · December 1, 2023, 6:30pm

github.com/mullvad/mullvad-browser

Enable WebAuthn Support

opened 01:30AM - 11 Apr 23 UTC

jonaharagon

feature request fingerprinting

I think this issue is being tracked upstream at https://gitlab.torproject.org/tp…o/applications/tor-browser/-/issues/26614, but I want to make sure this is being tracked here to see if Mullvad Browser can diverge from Tor Browser in this regard. I think this is a really strange reason for Tor Project to hold back WebAuthn support anyways, unless they have some secret reason WebAuthn isn't good that I can't find in any of their discussions. Enabling `security.webauth.webauthn` seems to be the only thing needed to get this feature working, but I don't know what the fingerprinting implications are of enabling it by default? (obviously enabling it manually on the user-level would make the browser unique and would therefore be discouraged). I think this is a pretty major usability issue, especially given how heavily hardware keys are encouraged for what I think is the primary demographic of this browser. I also think the lack of Passkey (CTAP 2.0) support is an even bigger usability issue, but there might be less you can do about that until [Firefox adds support for it](https://bugzilla.mozilla.org/show_bug.cgi?id=1530370).

Just to make this entirely clear: Enabling security.webauth.webauthn manually is indeed fingerprintable:
If it’s enabled navigator.credentials (and some classes on window) will be set which are otherwise undefined.

jonah · December 1, 2023, 6:31pm

It is fingerprintable, yes. This is one of the reasons we recommend using a browser like Firefox for trusted websites which you log in to, and Mullvad Browser for other browsing.

Topic		Replies	Views
Mullvad Browser's fingerprint is different than Tor Browser's Tool Suggestions approved	7	934	February 3, 2024
Mullvad Browser Tool Suggestions completed	39	4146	April 11, 2023
Mullvad Browser; Adding Bitwarden, Ublock Origin lists? Questions	5	1531	July 15, 2023
Browser Compartmentalization and Mullvad Browser settings Questions browsers	13	974	March 4, 2024
How well does Safari’s anti-fingerprinting work? Questions browsers	5	1398	June 7, 2023

Enabling webauth on Mullvad browser

Related Topics