https://developer.mozilla.org/en-US/docs/Web/API/File/lastModified describes the .lastModified
property of a File
object in JavaScript (usually created when a user selects a file via a HTML <input type="file">
element; in-browser JavaScript served from a web page of course does not have limitless access to the user's file system!)
The docs contain the following cryptic security remark:
To offer protection against timing attacks and fingerprinting, the precision of
someFile.lastModified
might get rounded depending on browser settings. In Firefox, theprivacy.reduceTimerPrecision
preference is enabled by default and defaults to 20us in Firefox 59; in 60 it will be 2ms.
At a real stretch I can see how, hypothetically, file modification dates could be used for fingerprinting: if you can get a user select the same file in an <input type="file">
dialog on multiple sites, and you store the accurate-to-the-microsecond file modification date, then you can cross-reference them and notice that, voila, it's the same user (although this seems like a wildly far-fetched scenario!). But I'm at a total loss to imagine what "timing attacks" this rounding could protect against.
What are the attacks that this feature is actually supposed to prevent?