Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn’t browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.
No, simply because even with pure CSS and even pure HTML you can find ways to leak some information about the browser. For example, a background image that only loads on 1920x1080, another for 2560x1440, and so on. Make hundreds of those for every possible resolution (they can be the same file on the server but at a different path), and there you go, you now figured that the client downloaded
img/background/2448x1280.png
from the server logs. You can use the same trick for fonts as well, you just apply the same trick on a box on the page that is sized based on text content. Repeat for every font you want to test for.There’s just a ton of those little features that are for performance optimizations because loading a 4K background on a 480p phone is a bad experience for everyone involved. Sometimes you need to know the size of some elements to position other elements relative to it. You need the mouse cursor position to open popups at the right place. You need the window size to realign popups and modals. You’d have to go back to text based only sites like it’s the 80s and 90s to avoid that kind of fingerprinting.
And thus Tor’s solution: everyone’s got the same window size, same fonts and everything.
Tor Browser does, but differently. It attempts to behave in the same way an all platforms, ignores installed libs/fonts/etc, uses letterboxing against resolution fingerprinting.
https://support.torproject.org/tbb/maximized-torbrowser-window/
same way on all platforms
too bad
navigator.platform
still returns Linux instead of Windows…
No, there is no way to prevent sites from uploading the info besides just not providing it in the first place.
And because of how programming languages work, there’s no way for the browser to identify that data being uploaded “is” anything specific, especially when there’s things like encryption, obfuscation or just re-arranging the data itself into larger collections of data.
LibreWolf can mitigate resolution tracking with an opt-in feature but it creates spacing around the windows so it’s very inconvenient for many people. Idk any other browsers that do it.
Sounds like you are talking about Firefox’s letterboxing feature which you can enable/disable independently from full fingerprinting resistance.
I thought it’s a LibreWolf feature?
The letterboxing feature has been in Firefox since 2019 - starting from Firefox 67 I think. The preference for it might have been hidden though so maybe it’s just relatively unknown feature - I don’t know if or how visible LibreWolf makes makes it for the user. But regardless, any modern Firefox variant probably has that capability.
In LibreWolf there’s a toggle in settings for it. That’s one of the disadvantages of Firefox. It has so many features but everything in hidden in a config file. They could just create an “advanced settings” menu.
Yeah… It’s a bit hard to balance things like this though, I’ve seen lot’s of folks complain about how their Firefox is apparently “broken” because it now suddenly has this empty margin around web-content seemingly wasting space for no reason - and then it turns out that they have deliberately turned this very feature on. And that is even if the feature is completely hidden - I wonder how many more complaints there would be if options like this are made more accessible.
Only you are responsible for what you turn on. It’s good to have a description of the feature with warnings about the potential inconveniences it can cause (like LibreWolf does) but the responsibility is still on the user.
Wtf@this dude’s post history.