(In reply to Mats Palmgren (:mats) from comment #4)
It seems to me that would make them stand out since close to ~100% of clients will report either 'light' or 'dark'.
In theory, it doesn't really matter what the group of
privacy.resistFingerprinting (RFP) users actually report, as long as they are all the same. While it would be nice to try and spoof a common value, it is not strictly required.
This is why Tor Browser (TB) works, because all TB users have the same fingerprint (within reason, see ). The same principle applies to the set of RFP users. TB is not trying to hide that it is TB, and RFP is not trying to hide that it is RFP.
RFP users are easily identifiable anyway: Canvas will return a 10x10 white canvas.
available screen +
outer window and
inner window measurements will always be the same, as well as
mozInnerScreenX/Y will always be zero, and so on. There are a number of enforced RFP metrics that end users can't alter, that absolutely 100% reveal RFP is being used. That said, to repeat, it is nice to spoof common values :)
As per comment 2, users may tweak, so enforcement is necessary in order to harden the anti-fingerprinting approach here. What you guys choose is fine with me, as long as it's enforced.
 Obviously not everything is patched, and some items are deliberately split (fonts per OS, platform via JS, etc).