22553 2013-07-03 14:22:48 +0000 navigator.plugins and navigator.mimeTypes 2013-07-09 01:20:42 +0000 1 1 1 Unclassified WHATWG HTML unspecified Other other RESOLVED FIXED P3 normal Unsorted 22406 1 ian ian bzbarsky ian mike contributor oldest_to_newest 90224 0 ian 2013-07-03 14:22:48 +0000 Need to spec navigator.plugins, since everyone implements it and nobody else is speccing it. 90305 1 ian 2013-07-04 00:07:06 +0000 Man, this is a horrible fingerprinting vector. See also: https://bugzilla.mozilla.org/show_bug.cgi?id=757726 That bug suggests randomising the order and limiting the enumerable list to only well-known values, but still leaving rare plugins in the list so they can be tested for. (It similarly limits navigator.mimeTypes, obviously.) This seems insufficient for any serious attempt at preventing fingerprinting. 90307 2 ian 2013-07-04 00:08:58 +0000 bz: You really think we should keep this around? Is there not some way we can keep it around in a Web-compatible way that is just the same on every browser? 90309 3 ian 2013-07-04 00:09:47 +0000 *** Bug 22554 has been marked as a duplicate of this bug. *** 90322 4 bzbarsky 2013-07-04 03:24:50 +0000 I don't know. I do know we've had sites break on us when we broke something about navigator.plugins (largely by failing to instantiate Flash as needed). I can't speak to navigator.mimeTypes... From a purely theoretical perspective, I would love these to die a horrible death. I'm just not sure I can remove them from Gecko any time in the next several years, say. :( We _are_ hoping to get away without plug-ins entirely in Servo, though. 90428 5 ian 2013-07-08 19:36:48 +0000 Ok well I guess I'll spec it for now. 90433 6 contributor 2013-07-09 01:19:57 +0000 Checked in as WHATWG revision r8036. Check-in comment: navigator.plugins and company http://html5.org/tools/web-apps-tracker?from=8035&to=8036