Consider a Timezone Permission for Resist Fingerprinting
Categories
(Core :: Security, enhancement, P5)
Tracking
()
Tracking | Status | |
---|---|---|
firefox59 | --- | affected |
People
(Reporter: tjr, Unassigned)
References
Details
(Whiteboard: [fingerprinting][fp-triaged])
Comment 1•7 years ago
|
||
Comment 2•7 years ago
|
||
Comment 3•7 years ago
|
||
Updated•7 years ago
|
Reporter | ||
Comment 4•7 years ago
|
||
Updated•7 years ago
|
Comment 6•7 years ago
|
||
Reporter | ||
Comment 7•7 years ago
|
||
Reporter | ||
Updated•6 years ago
|
Comment 10•3 years ago
|
||
While this will solve the issue with timezone mismatches on sites that don't let you use a user preference to override the browser's setting, an automatic pop-up triggered by a site requesting the time zone is an annoyance to the user. Let's not repeat the "example.com wants to: Know your location" usability issue (there are myriads of sites online that show users how to disable these alerts).
The best compromises I can come up with are, in no particular order, not exclusive:
- Suppress time zone queries (today's functionality). The locationbar's shield dialog can toggle the site's TZ visibility
- Same as #1 but the shield changes color when the TZ was queried by the site's JS (no auto-popup!)
- Pop up alongside other permissions requests (but not standalone)
- Expose a new custom (... nonstandard) option that sites can use to request permission
- Expose nothing, allow timezone transparency via bug 1364261 instead
It would be a burden for somebody to maintain a list of sites that need this information for usability, especially since different users would likely disagree about which sites should make the list (basically, more similar to NoScript than to ad blockers), so I think that's out. However, it would be useful to be able to suppress the popup or color change proposed by my bullets 4 and 2.
Updated•2 years ago
|
Updated•6 months ago
|
Description
•