Open Bug 1554751 Opened 2 years ago Updated 29 days ago

Consider to change the spoof value of window.devicePixelRatio

Categories

(Core :: DOM: Security, enhancement, P2)

enhancement

Tracking

()

People

(Reporter: ethan, Unassigned)

References

(Blocks 4 open bugs)

Details

(Whiteboard: [fingerprinting][fp-triaged][domsecurity-active])

The Window property devicePixelRatio returns the ratio of the resolution in physical pixels to the resolution in CSS pixels for the current display device. This value could also be interpreted as the ratio of pixel sizes: the size of one CSS pixel to the size of one physical pixel. In simpler terms, this tells the browser how many of the screen's actual pixels should be used to draw a single CSS pixel. [1]

When the pref "privacy.resistFingerprinting" is set as true, we spoof the value of window.devicePixelRatio as 1, regardless of the real ratio. This behavior increases the protection of user privacy by reducing the entropy of the browser client fingerprint. However, it causes a side-effect that some web pages become blurred with the spoofed value, such as Google Spreadsheet. [2]

Changing the spoof value as 1.5 or 2 might resolve the blur issue, but we need to make sure such change won't cause other side-effects or breakage. This bug is filed to track the investigation work.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/devicePixelRatio
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1532859

Assignee: nobody → tihuang
Priority: -- → P2
Whiteboard: [fingerprinting][fp-triaged][domsecurity-active]
Blocks: 1532859
Blocks: 1533787
Blocks: 1428331
Blocks: 1537955

Unassign myself because I am no longer actively working on this.

Assignee: tihuang → nobody

According to https://developer.mozilla.org/en-US/docs/Web/API/Window/devicePixelRatio, changing it to 2 shouldn't result in any breakage, since if it's implemented as in the example (which might be the only proper way), it should only influence the actual size in memory rather than the display size. That is, the memory usage will be doubled in some steps of the rendering pipeline.

It's a performance penalty for the 96 dpi devices only. On Mobile devices and hidpi laptops the resource usage is expected.

On the other hand, if it really degrades the user experience such explicitly, it should be split from the privacy.resistFingerprinting and be privacy.resistFingerprinting.spoofDevicePixelRatio

You need to log in before you can comment on or make changes to this bug.