Stable OMEMO device IDs #3134

Open
samhoseinkhani opened this issue Feb 6, 2023 · 6 comments
@samhoseinkhani
Contributor

samhoseinkhani commented Feb 6, 2023

The device ID which is used in OMEMO constantly changes when session storage is cleared.

By changing the way the device ID is stored in the session, we can generate a stable and unique ID for each device by using "Canvas Fingerprints".

@jcbrand
Member

jcbrand commented Feb 8, 2023

It's a good suggestion, thanks.

I think it'll change when the browser gets updated however.

@jcbrand jcbrand added the Feature label Feb 8, 2023
@jcbrand jcbrand changed the title from "unique device ID" to "Stable OMEMO device IDs" Feb 8, 2023
@samhoseinkhani
Contributor Author

@jcbrand Did you just check this link?
Check the "Hash" in different browsers; it will be unique and the same all the time...
Canvas fingerprints are used in fraud detection in web applications.
By the way, would you like me to start working on it?

@jcbrand
Member

jcbrand commented Feb 10, 2023

Yes I did check the link and am aware of how it works.

My point is that the browser version is one of the factors that can determine the uniqueness of the hash, so when the user updates their browser to a newer version, they're likely to get a different fingerprint hash.

@samhoseinkhani
Contributor Author

Umm, maybe, but isn't it better than generating a new device each time the browser's session gets cleared?

@jcbrand
Member

jcbrand commented Feb 13, 2023

Yes I think it is better, I was just stating one of the limitations of this approach.

@based-a-tron

The issue here is somewhat misidentified. OMEMO device IDs are not cryptographically significant, per se. Canvas fingerprinting is unreliable, and more of a bug than a feature. Browsers like the Tor Browser Bundle specifically have features to prevent canvas interaction, as may more advanced and/or privacy-concerned users. I've written #3142 to talk about the issue more in depth and to discuss what I think might be a viable solution, and I would appreciate comment on it. Thank you.
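
An added illustration of the trade-off discussed in this thread; it is not code from Converse.js or from any commenter. It derives a device ID in the XEP-0384 range (1 to 2^31 - 1) from a constructed set of fingerprint signals and goes one step beyond the thread by also checking two separate devices with identical signals. Assumptions: the signal names, the sample values and the use of FNV-1a as the hash are all hypothetical stand-ins for a real canvas fingerprint.

```javascript
// Added example, not project code. All names and values here are constructed.

// 32-bit FNV-1a, standing in for whatever hash a fingerprinting library uses.
function fnv1a32(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i) & 0xff;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// Hypothetical model of the inputs that influence a rendered canvas.
const SIGNAL_ORDER = ['os', 'gpu', 'fonts', 'browser'];

// Fold the fingerprint into a positive 31-bit integer usable as a device ID.
function deviceIdFromSignals(signals) {
  const canonical = SIGNAL_ORDER.map((k) => `${k}=${signals[k]}`).join('|');
  const id = fnv1a32(canonical) & 0x7fffffff;
  return id === 0 ? 1 : id; // 0 is outside the allowed range
}

// Constructed sample devices.
const laptopA = {
  os: 'Linux x86_64',
  gpu: 'Mesa Intel UHD 620',
  fonts: 'DejaVu Sans',
  browser: 'Firefox 110',
};
const laptopAUpdated = { ...laptopA, browser: 'Firefox 111' };
const laptopB = { ...laptopA }; // a second machine, same model and software

function compare() {
  const before = deviceIdFromSignals(laptopA);
  return {
    // Nothing is read from storage, so clearing it does not change the ID.
    survivesStorageClear: before === deviceIdFromSignals({ ...laptopA }),
    // A browser update changes one input and therefore the derived ID.
    survivesBrowserUpdate: before === deviceIdFromSignals(laptopAUpdated),
    // Identical signals on two devices yield the same "unique" ID.
    collidesWithIdenticalDevice: before === deviceIdFromSignals(laptopB),
  };
}

console.log(compare());
```
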
