Open Bug 1532859 Opened 5 years ago Updated 7 days ago

privacy.resistFingerprinting makes Google Spreadsheet text blur

Categories

(Core :: DOM: Security, defect, P3)

defect

Tracking

()

Tracking Status
firefox65 --- affected
firefox66 --- affected
firefox67 --- affected

People

(Reporter: lilydjwg, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1][tor][fingerprinting][fp-triaged])

Attachments

(4 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

Steps to reproduce:

Actual results:

The text inside the spreadsheet is a little blur.

Expected results:

The text inside the spreadsheet should be as clear as outside (or with privacy.resistFingerprinting = false).

Hey it says Firefox/60.0 but I'm actually using nightly of 20190302. That option took effect when I submitted this bug.

Version: 60 Branch → Trunk

I took screenshots with this option enabled and disabled using the builtin screenshot tool, and found that all text are clear in the screenshot but the two images have different size: the disabled one is 1.5x larger each dimension that the enabled. I've set my monitor to 120dpi, but that's 1.25x than the classic 96 dpi. I have a scaled-up monitor connected, setup with xrander --scale 0.75x0.75.

I'm attaching screenshots from the builtin screenshot tool and an OS tool.

I can reproduce this problem. Tim, do you have any idea why would this happen?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(tihuang)
Priority: -- → P2
Component: Untriaged → DOM: Security
Product: Firefox → Core

In the first two pictures it's clearly using a different font entirely. We may be disabling downloadable fonts, and the built-in default one is terrible?

Priority: P2 → P3
Whiteboard: [domsecurity-backlog1]

I don't think it's a different font, and I don't have such a blurry one in the fonts the page uses. It seems the page incorrectly scales the rendered text, making it blurry. You can see in the second picture all text is blurry, which is not what I see (the last picture).

Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1][tor][fingerprinting][fp-triaged]
  1. Open a Google Spreadsheet in Firefox
  2. Open [Tools] > [Inspector] and search "canvas" element.

privacy.resistFingerprinting = false

<canvas style="position: absolute; top: 0px; left: 0px; z-index: 2; width: 1428px; height: 405px; padding-top: 0.183334px; padding-left: 0px;" moz-opaque="" width="2856" height="810" dir="ltr"></canvas>

privacy.resistFingerprinting = true

<canvas style="position: absolute; top: 0px; left: 0px; z-index: 2; width: 1428px; height: 405px; padding-top: 0px; padding-left: 0px;" moz-opaque="" width="1428" height="405" dir="ltr"></canvas>

When resistFingerprinting is turned on, the width and height values in the canvas element are reduced to half.

It seems this effect was caused by bug 418986 (window.screen and CSS media queries provide a large amount of identifiable information). But I am not 100% sure yet.

See Also: → 418986

Sorry for the late response.

I believe this blur is caused by the spoofing of window.devicePixelRatio when RFP is on: we spoof this value into 1.0. I believe that Window.devicePixelRatio could affect the setting of canvas in Google Spreadsheet [1]. Given that the ratio of 'width' and 'height' between RFP is on and off in comment 9 is 2, could you check the real window.devicePixelRatio value of your testing device, Ethan? I think it should be 2.0.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/devicePixelRatio

Flags: needinfo?(tihuang) → needinfo?(ettseng)

Hi Tim, I can confirm that my real window.devicePixelRatio corresponds to the ratio of the canvas size changes. (I don't know why it's 1.5 but it is.)

(In reply to Tim Huang[:timhuang] from comment #10)

I believe this blur is caused by the spoofing of window.devicePixelRatio when RFP is on: we spoof this value into 1.0. I believe that Window.devicePixelRatio could affect the setting of canvas in Google Spreadsheet [1]. Given that the ratio of 'width' and 'height' between RFP is on and off in comment 9 is 2, could you check the real window.devicePixelRatio value of your testing device, Ethan? I think it should be 2.0.

Sorry for being super late for this response.
Yes, the real devicePixelRatio on my device is 2.

Flags: needinfo?(ettseng)

Several similar blur issues are caused by spoofing window.devicePixelRatio.
I filed bug 1554751 as a central place to track the investigation and decision-making.

Depends on: 1554751

I got the same problem on wetty which uses xterm.js.

Have the exact same problem with the ESR release 93. weird

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: