Closed Bug 1609880 Opened 9 months ago Closed 7 months ago

No indication why global/default zoom does not work with privacy.resistFingerprinting enabled

Categories

(Firefox :: Preferences, defect, P5)

73 Branch
defect

Tracking

()

RESOLVED FIXED
Firefox 75
Tracking Status
firefox75 --- fixed

People

(Reporter: ke5trel, Assigned: morgan)

References

(Blocks 1 open bug)

Details

(Keywords: ux-userfeedback)

STR:

  1. Enable privacy.resistFingerprinting.
  2. Go to about:preferences and change the "Default zoom" setting (introduced in 73) to something other than 100%.

Expected:

Default zoom works or some explanation why it doesn't.

Actual:

Default zoom fails without explanation.

From a prefs perspective, I think this is probably a P5 given how few people will set privacy.resistFingerprinting and how much else it breaks, though I'm happy to take a patch that adds a reasonable string here if/when the pref is set.

Priority: -- → P5

(In reply to :Gijs (he/him) from comment #1)

From a prefs perspective, I think this is probably a P5 given how few people will set privacy.resistFingerprinting and how much else it breaks, though I'm happy to take a patch that adds a reasonable string here if/when the pref is set.

Jamie mentioned this might be a larger issue with Tor, and maybe we should be worried about compatibility there.

(In reply to Morgan Reschenberg [:morgan] from comment #2)

(In reply to :Gijs (he/him) from comment #1)

From a prefs perspective, I think this is probably a P5 given how few people will set privacy.resistFingerprinting and how much else it breaks, though I'm happy to take a patch that adds a reasonable string here if/when the pref is set.

Jamie mentioned this might be a larger issue with Tor, and maybe we should be worried about compatibility there.

That's fair. I'm not sure what the right solution is here - we could disable the visual pref in about:config and add some note next to it saying something along the lines of "default zoom has no effect while resistFingerprinting is on", but that wouldn't help people turning on resistFingerprinting after changing their zoom and wondering what happened to their default zoom factor...

Either way, if we're wanting to fix this it'll likely take strings, which means no uplifts, so if we're concerned about this bug we'll need to take that into account in terms of prioritization.

(In reply to :Gijs (he/him) from comment #3)

(In reply to Morgan Reschenberg [:morgan] from comment #2)

(In reply to :Gijs (he/him) from comment #1)

From a prefs perspective, I think this is probably a P5 given how few people will set privacy.resistFingerprinting and how much else it breaks, though I'm happy to take a patch that adds a reasonable string here if/when the pref is set.

Jamie mentioned this might be a larger issue with Tor, and maybe we should be worried about compatibility there.

That's fair. I'm not sure what the right solution is here - we could disable the visual pref in about:config and add some note next to it saying something along the lines of "default zoom has no effect while resistFingerprinting is on", but that wouldn't help people turning on resistFingerprinting after changing their zoom and wondering what happened to their default zoom factor...

Either way, if we're wanting to fix this it'll likely take strings, which means no uplifts, so if we're concerned about this bug we'll need to take that into account in terms of prioritization.

Hmm.. do you know if resistFingerprinting appears in UI in Tor? Like, are we exposing that pref (or controls for that pref) to the user anywhere other than about:config?
Either way, I'll talk to Jamie + team and see what they have to say.

(In reply to Morgan Reschenberg [:morgan] from comment #4)

Hmm.. do you know if resistFingerprinting appears in UI in Tor? Like, are we exposing that pref (or controls for that pref) to the user anywhere other than about:config?

I don't know; I think it might be set by default? Maybe Arthur can help.

Flags: needinfo?(arthur)

privacy.resistFingerprinting is on by default in Tor Browser. AFAIK it's not exposed in about:preferences in Tor Browser or in Firefox.

I'm not sure why default zoom is failing, but it might be an intentional part of resistFingerprinting. If a user has a particular non-default zoom level for a particular site and this is detectable by content, then that is leaking fingerprinting entropy.

Flags: needinfo?(arthur)

So I'm confused. Is turning on resistfingerprinting supposed to behave the same as turning off site-specific zoom? Because that's what I see happening on nightly when turning on privacy.resistFingerprinting and using the normal zoom UI... In that case, is this basically the same issue as default zoom not working well with site-specific zoom turned off? (bug 1603494)
If so, that probably means that we can dupe this over and increase the prioritization of bug 1603494...

Flags: needinfo?(mreschenberg)

FYI: original RFP & zoom: Bug 1369357

(In reply to :Gijs (he/him) from comment #7)

So I'm confused. Is turning on resistfingerprinting supposed to behave the same as turning off site-specific zoom? Because that's what I see happening on nightly when turning on privacy.resistFingerprinting and using the normal zoom UI...
Yes.

In that case, is this basically the same issue as default zoom not working well with site-specific zoom turned off? (bug 1603494)

Yes.

If so, that probably means that we can dupe this over and increase the prioritization of bug 1603494...

Agree :) Though it might be good to get a decision here on whether or not we feel strings to pass this info to the user are appropriate, in the case of regular firefox or tor (this issue in particular seems like it might be more specific to the latter, so we might opt for strings there and no strings in ff)

Flags: needinfo?(mreschenberg)
See Also: → 1369357, 1603494

(In reply to Morgan Reschenberg [:morgan] from comment #9)

(In reply to :Gijs (he/him) from comment #7)

If so, that probably means that we can dupe this over and increase the prioritization of bug 1603494...

Agree :) Though it might be good to get a decision here on whether or not we feel strings to pass this info to the user are appropriate, in the case of regular firefox or tor (this issue in particular seems like it might be more specific to the latter, so we might opt for strings there and no strings in ff)

Sorry, I'm sure I'm being dense here, but if we fix bug 1603494 then we don't need messaging, right? Things would "just work"?

Flags: needinfo?(mreschenberg)

(In reply to :Gijs (he/him) from comment #10)

(In reply to Morgan Reschenberg [:morgan] from comment #9)

(In reply to :Gijs (he/him) from comment #7)

If so, that probably means that we can dupe this over and increase the prioritization of bug 1603494...

Agree :) Though it might be good to get a decision here on whether or not we feel strings to pass this info to the user are appropriate, in the case of regular firefox or tor (this issue in particular seems like it might be more specific to the latter, so we might opt for strings there and no strings in ff)

Sorry, I'm sure I'm being dense here, but if we fix bug 1603494 then we don't need messaging, right? Things would "just work"?

Yeah, technically. So, right now enabling resist fingerprinting implies disabling siteSpecific zoom. [https://searchfox.org/mozilla-central/rev/1db5ef59eba65d32d6a29a494e87b6078453e559/browser/base/content/browser-fullZoom.js#16]

And the reason global zoom doesn't work when site specific zoom is disabled is because global zoom requires a call to _applyPrefToZoom, which, for some reason, doesn't fire when site specific is disabled. Looks like fixing the bug you mentioned is as straightforward as removing this if conditional [https://searchfox.org/mozilla-central/rev/1db5ef59eba65d32d6a29a494e87b6078453e559/browser/base/content/browser-fullZoom.js#456] but I don't have enough information on why that conditional is there in the first place to feel comfortable deleting it.

Flags: needinfo?(mreschenberg)

Marking as resolved, as this should work now due to bug 1603494

Status: NEW → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED

I came here to report this exact issue. I want to use resistFingerprinting but I also want the global zoom level to work.

There should be a setting for this.

If you have resistFingerprinting enabled then the global zoom level setting should be greyed out, with an option to override and enable it anyway if you understand the risks that it may make your browser fingerprint more unique.

I can't make sense of the related bug reports - can someone please tell me if this is going to be fixed soon?

(In reply to tennispro56 from comment #13)

I can't make sense of the related bug reports - can someone please tell me if this is going to be fixed soon?

This is fixed on nightly, I believe. https://nightly.mozilla.org/ , Firefox 75 - will reach the release channel in just over a month.

Assignee: nobody → mreschenberg
Target Milestone: --- → Firefox 75
You need to log in before you can comment on or make changes to this bug.