Closed
Bug 1402557
Opened 8 years ago
Closed 8 years ago
Firefox window size and maximized state doesn't persist
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INVALID
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | fix-optional |
People
(Reporter: bugzilla, Unassigned)
Details
(Whiteboard: [fingerprinting])
When you set: privacy.resistFingerprinting;true it will result in the browser window to no longer be maximized, remain that way or startup again maximized.
After this setting, the browser starts up in the center of the screen, fixed at the same non-maximized square size and no longer respects the maximized or resized dimensions.
The expected result would be that it would not affect the behavior of the Firefox's application window dimensions on the user side while performing the "security" functions of the setting above.
Disabling this option by setting it to false immediately restores proper behavior, forcing the user to choose between expected functionality and behavior or taking advantage of the security feature.
It makes no reasonable sense that the user can manually maximize and use the browser and the feature functions as intended but it forces itself to open to the same location, dimension each time - which if randomization is the point then it is failing at that, since using the same size and location, just not maximized at start seems rather dysfunctional and predictable. So there is no valid reason why this behavior should be happening.
I have marked this as normal but the fact that you have to sacrifice a security feature to get your functionality back, seems a rather huge flaw. Being basically forced to choose between security or functionality can harm users who choose to abandon security to restore function.
|
||
Comment 1•8 years ago
|
||
Doesn't need to be security-sensitive.
Tom, any idea what's going on here?
Group: firefox-core-security
Flags: needinfo?(tom)
|
||
Comment 2•8 years ago
|
||
Passing to Tim and Arthur (although Tim is out this week)
Flags: needinfo?(tom)
Flags: needinfo?(tihuang)
Flags: needinfo?(arthuredelstein)
Whiteboard: [fingerprinting]
|
||
Updated•8 years ago
|
status-firefox57:
--- → fix-optional
|
||
Comment 4•8 years ago
|
||
Thank you for inquiring about this, GµårÐïåñ.
When "privacy.resistFingerprinting" is enabled, the width of the content rectangle in a new window is set to a multiple of 200 pixels, and the height is set to a multiple of 100 pixels. New windows are never maximized.
This behavior was introduced to protect users from being fingerprinted (identified or tracked) by their window size or by their screen size. The idea is not to randomize window size, but rather to make users look identical to fingerprinting scripts.
Flags: needinfo?(tihuang)
Flags: needinfo?(arthuredelstein)
But how does that actually do that, given that everyone is going to maximize the window immediately after it loads anyway, how does starting it up with this limitation actually make everyone look the same or protect them?
It makes no sense, while on paper it might seem proper, in reality it makes no sense how starting up a browser under this restriction in any way will protect the user against their ACTUAL behavior of having their window maximized. In fact if you want to avoid it, maximizing the window is the best way to obscure it rather than using multiples of 200x100 which in effect also gives the persistent size of a given user's monitor size.
Since on any given user, the multiple method still ends up making up a consistently same screen size, how is that different than being fulling maximized? This makes zero logical sense. Unless regardless of their screen size, you open everyone under the sun at 640x480 then you are NOT making them all look the same because your multiple system is still giving the ratio aspect of their monitor size, which is no different in effect to maximizing to the full window size.
At least then, you have a huge buckets of people with the same screen size which will have the same effect, your logic is flawed, at least as presented below.
|
|
||
Comment 6•8 years ago
|
||
(In reply to GµårÐïåñ from comment #5)
> But how does that actually do that, given that everyone is going to maximize
> the window immediately after it loads anyway, how does starting it up with
> this limitation actually make everyone look the same or protect them?
I think you are right that many users will maximize their window after it loads. In Tor Browser, we present a warning to users informing them that maximizing the window is bad for their privacy, and I hope we can upstream that warning to Firefox. Thanks for the reminder -- I have opened Bug 1403747 for that.
> It makes no sense, while on paper it might seem proper, in reality it makes
> no sense how starting up a browser under this restriction in any way will
> protect the user against their ACTUAL behavior of having their window
> maximized. In fact if you want to avoid it, maximizing the window is the
> best way to obscure it rather than using multiples of 200x100 which in
> effect also gives the persistent size of a given user's monitor size.
I don't think that's correct. Multiples of 200x100 hide most (but not all) bits of entropy in a user's screen size fingerprint. On the other hand, maximizing a window provides all bits and reveals the user's potentially unique available screen rectangle (unhidden screen.availWidth x screen.availHeight), which is a combined result of screen size, task-bar, toolbars, window title bar, window border, etc. I agree that it may be possible to construct a better set of allowed window sizes that reduces entropy further or improves usability. But I don't think we can simply ignore this problem if we want to provide real anti-fingerprinting protection.
|
|
||
Comment 7•8 years ago
|
||
Resolving as this is working as intended.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
|
||
Comment 8•6 years ago
|
||
Firefox 68.0 last beta always starts with unmaximize state in a fixed size. startup windows size doesn't change.
|
|
||
Comment 9•6 years ago
|
||
(In reply to Saadi Shamsaee from comment #8)
Firefox 68.0 last beta always starts with unmaximize state in a fixed size. startup windows size doesn't change.
Please file a separate bug.
|
|
||
Comment 10•6 years ago
|
||
(In reply to :Gijs (he/him) from comment #9)
(In reply to Saadi Shamsaee from comment #8)
Firefox 68.0 last beta always starts with unmaximize state in a fixed size. startup windows size doesn't change.
Please file a separate bug.
Now when i disabled 'resist fingerpring' problem fixed. need to create a new bug report?
|
|
||
Comment 11•6 years ago
|
||
(In reply to Saadi Shamsaee from comment #10)
(In reply to :Gijs (he/him) from comment #9)
(In reply to Saadi Shamsaee from comment #8)
Firefox 68.0 last beta always starts with unmaximize state in a fixed size. startup windows size doesn't change.
Please file a separate bug.
Now when i disabled 'resist fingerpring' problem fixed. need to create a new bug report?
No, thanks for clarifying.
You need to log in
before you can comment on or make changes to this bug.
Description
•