Consider to change the spoof value of window.devicePixelRatio
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
People
(Reporter: ethan, Unassigned)
References
(Blocks 4 open bugs)
Details
(Whiteboard: [fingerprinting][fp-triaged][domsecurity-active])
The Window property devicePixelRatio returns the ratio of the resolution in physical pixels to the resolution in CSS pixels for the current display device. This value could also be interpreted as the ratio of pixel sizes: the size of one CSS pixel to the size of one physical pixel. In simpler terms, this tells the browser how many of the screen's actual pixels should be used to draw a single CSS pixel. [1]
When the pref "privacy.resistFingerprinting" is set as true, we spoof the value of window.devicePixelRatio as 1, regardless of the real ratio. This behavior increases the protection of user privacy by reducing the entropy of the browser client fingerprint. However, it causes a side-effect that some web pages become blurred with the spoofed value, such as Google Spreadsheet. [2]
Changing the spoof value as 1.5 or 2 might resolve the blur issue, but we need to make sure such change won't cause other side-effects or breakage. This bug is filed to track the investigation work.
[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/devicePixelRatio
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1532859
Reporter | ||
Updated•2 years ago
|
Comment 1•2 months ago
|
||
Unassign myself because I am no longer actively working on this.
According to https://developer.mozilla.org/en-US/docs/Web/API/Window/devicePixelRatio, changing it to 2 shouldn't result in any breakage, since if it's implemented as in the example (which might be the only proper way), it should only influence the actual size in memory rather than the display size. That is, the memory usage will be doubled in some steps of the rendering pipeline.
It's a performance penalty for the 96 dpi devices only. On Mobile devices and hidpi laptops the resource usage is expected.
On the other hand, if it really degrades the user experience such explicitly, it should be split from the privacy.resistFingerprinting and be privacy.resistFingerprinting.spoofDevicePixelRatio
Description
•