[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #33541 [Applications/Tor Browser]: fingerprinting: zoom.min/maxPercent should be fixed at 100
#33541: fingerprinting: zoom.min/maxPercent should be fixed at 100
-------------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting-resolution | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+--------------------------
Comment (by Thorin):
Replying to [comment:2 cypherpunks]:
> > as you can see from my test
>
> Where is that test to be seen?
I'm the author of TorZillaPrint
> As for the rest...
I'd have to check, but those two prefs wouldn't be enough (but would help,
I guess). I think `layout.css.devPixelsPerPx` overrides this. My main
concern is that it removes functionality. I get the point that users who
repeatedly zoom (and if i understand it correctly, they would have to
consistently do it on new windows, new tabs, new sessions: and probably
need to hit the same zoom level for precision tracking: and probably on
the same sites: and the sites would have to bother fingerprinting this)
could be a concern - but I think the threat is extremely low
In order to make that combination of events for end users even harder:
tighten zoom resistance to include domain changes per tab: i.e zoom once,
keep re-using that tab and your inner window dimensions are currently
"broken" consistently across domains for as long as you use that tab
This is the better solution IMO, and in fact solves the problem you
describe (I can't imagine anyone putting up with having to zoom everything
all the time: they would be using system accessibility options or changing
the OS's display sizes/dpi or whatever)
--
The ultimate solution, but I'm not entirely sure if it's feasible (or is
but low priority and/or a lot of work), is that zoom could trigger
letterboxing to re-calculate: but AFAIK zoom was explicitly left out in
the RFP patch for technical/complexity issues (read
https://bugzilla.mozilla.org/show_bug.cgi?id=1407366#c0 ) <- I'll ping tom
(tom is the letterbox author)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33541#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs