Closed
Bug 1450561
Opened 7 years ago
Closed 1 year ago
Resist screen elements dimensions fingerprinting
Categories
(Core :: DOM: Security, enhancement, P5)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: kolan_n, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor][fingerprinting][domsecurity-backlog1][fp-triaged])
Hello. Some webpages now use screen elements dimensions for determining other elements dimensions. This API in its current state allows fingerprinting. And we cannot remove that API because some webdevs may put the message "Chrom(?:e|ium)(?:-like)? or GT\*O" and will be right. So we need another way.
I wonder if it is possible to render webpages on a virtual screen of fake static resolution (for example even if the whole screen is 1 virtual pixel wide and 1 v. px. high, the websites normalizing sizes on resolutiom should work fine, but surely we need just to take the most widespread not to break the sites expecting integers and making the browsers less unique), making web browser to translate the sizes to the correct ones itself and why such an obvious idea have not been implemented yet. Of course there will be some distortions when rendering raster content, but I guess they are tolerable.
|
||
Comment 1•7 years ago
|
||
This would be related to our anti-fingerprinting effort (see privacy.resistFingerprinting in about:config).
Component: Tracking Protection → DOM: Security
Product: Firefox → Core
|
||
Updated•7 years ago
|
Blocks: uplift_tor_fingerprinting
Whiteboard: [fingerprinting]
|
||
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [fingerprinting] → [fingerprinting][domsecurity-backlog1]
|
||
Comment 2•6 years ago
|
||
Thanks for the interesting idea. But right now, we propose to mitigate the window dimension fingerprinting vector by the "letterboxing" approach, which will be implemented in bug 1407366.
Priority: P3 → P5
See Also: → letterboxing
Whiteboard: [fingerprinting][domsecurity-backlog1] → [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
|
||
Updated•2 years ago
|
Severity: normal → S3
|
|
||
Comment 3•1 year ago
|
||
As letterboxing is implemented, we don't intend to experiment with this.
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•