Closed Bug 1642613 Opened 4 years ago Closed 4 years ago

privacy.resistFingerPrinting control of window size on startup increases number of identifying bits

Categories

(Core :: DOM: Security, defect)

68 Branch
defect

RESOLVED DUPLICATE of bug 1407366

People

(Reporter: grive, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

  • Enable privacy.resistFingerPrinting
  • Close Firefox
  • Open Firefox
  • Measure fingerprinting bits with starting window size: 14.31 due to screen size, per Panopticlick
  • Maximize window, on a screen with a common resolution (1080p)
  • Measure fingerprinting bits with maximized window size: 12.34 due to screen size, again per Panopticlick

Actual results:

With the resistFingerPrinting option enabled, Firefox (correctly) ignored the profile configuration regarding window geometry. Unfortunately, the values Firefox used as default actually increase the number of bits of identifying information, making recognition easier.

Expected results:

A set of common resolutions should be used as baselines. Upon starting, Firefox should select the one immediately below or equal to the last resolution used. Potentially even the maximized size could be used.

The following bug seems to tackle an adjacent issue with a similar solution: https://bugzilla.mozilla.org/show_bug.cgi?id=1560816 .
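The proposal above (snap the startup window down to a baseline size) can be checked numerically. This is an added example, not code from the bug or from Firefox: the baseline list, the sample of window sizes, the tie-breaking rule (largest baseline that fits in both dimensions) and all function names are assumptions. Bits are computed as surprisal, -log2(share of the population reporting the same value), so the figures from this tiny constructed sample are not comparable to the Panopticlick numbers in the report.

```javascript
// Assumed baseline sizes for illustration; not a list taken from Firefox.
const BASELINES = [
  [1024, 768], [1280, 720], [1366, 768], [1600, 900], [1920, 1080],
];

// Largest-area baseline that fits inside the last-used window in both
// dimensions. If none fits, fall back to the smallest baseline (assumption).
function snapToBaseline(width, height, baselines = BASELINES) {
  const fits = baselines.filter(([w, h]) => w <= width && h <= height);
  if (fits.length === 0) return baselines[0];
  return fits.reduce((best, b) => (b[0] * b[1] > best[0] * best[1] ? b : best));
}

// Surprisal in bits of one reported value within a population of values.
function surprisalBits(value, population) {
  const same = population.filter((v) => v === value).length;
  if (same === 0) return Infinity; // value never seen: maximally identifying
  return -Math.log2(same / population.length);
}

// Constructed sample of last-used window sizes (not measured data).
const SAMPLE = [
  [1920, 1080], [1920, 1080], [1920, 1043], [1903, 969], [1366, 768],
  [1366, 741], [1536, 864], [1440, 900], [1280, 720], [1000, 900],
];

const key = ([w, h]) => `${w}x${h}`;

// For every user in the sample, compare the bits leaked by the raw window
// size with the bits leaked after snapping everyone to a baseline.
function compare(sample = SAMPLE) {
  const raw = sample.map(key);
  const snapped = sample.map(([w, h]) => key(snapToBaseline(w, h)));
  return sample.map((_, i) => ({
    raw: raw[i],
    rawBits: surprisalBits(raw[i], raw),
    snapped: snapped[i],
    snappedBits: surprisalBits(snapped[i], snapped),
  }));
}

for (const row of compare()) {
  console.log(`${row.raw} (${row.rawBits.toFixed(2)} bits) -> ` +
              `${row.snapped} (${row.snappedBits.toFixed(2)} bits)`);
}
```

Snapping only helps users whose baseline bucket is shared with others: in this sample the 1000x900 window stays alone in its bucket and leaks the same number of bits before and after.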

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core

AI is not good enough :-)

Component: Widget: Gtk → DOM: Security

The solution we have devised for this to keep layout unbroken is letterboxing, which is enabled separately from RFP with privacy.resistFingerprinting.letterboxing.

You are right, I did not know about this feature. The value does not exist by default though; I had to add privacy.resistFingerprinting.letterboxing manually as a boolean set to true, and restart Firefox. On Panopticlick, the entry bits are then down to 7.5.

That's great, but this feature should be made default; the behavior is better than using an artificially reduced window that most users will simply maximize. At a minimum, the value should exist (off by default if that's an issue) to ease discoverability.

Thanks in any case! Sorry about not finding the other discussion, I did not know the term letterboxing.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE