[tbb-bugs] #14429 [Tor Browser]: Automated rounding of content window dimensions

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 29 14:13:11 UTC 2015


#14429: Automated rounding of content window dimensions
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  arthuredelstein        |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-fingerprinting-resolution, tbb-
  Browser                |  torbutton
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by guywith2c):

 Replying to [comment:6 arthuredelstein]:
 > Here's a new version of the patch that auto-trims the window after the
 user resizes it. That way we don't have ugly gray bars taking up a lot of
 screen space.

 Seeing that screen-size is the SINGLE BIGGEST identifier (containing more
 bits than all the other identifying tokens combined together), I take here
 liberty to digress:

 If I may, I vote about comment 5's improvements thusly:

  - against (1) - maximized window should stay maximized and keep the
 scrollbar on the right edge, if possible, AND the gray areas could/should!
 be used as interactive privacy area of "warning":
     - idea: when a user hovers over this "ugly grey area", she is informed
 :
 "
 In this tab you have Javascript enabled, thus making you be 2^k^ [k ==
 whatever panopticlick.eff.org suggests] times more easily identifiable
 (attacker will only have to find your browser in K [K == what panopticlick
 says] possible ones).
   -- To increase privacy, disable javascript for this tab by clicking
 _here_, and your inner window will get maximized to size of outer
 maximized window to get rid of this "large gray(or warning-red) area".

   --  To keep at current privacy level for this tab, keep this ?annoying?
 large gray area.

   --  To decrease privacy for this tab, click _here_ and your inner window
 will be maximized, thus possibly identifying your browser as uniqe and so
 creating a very strong evidence of this browser's visit of this web page
 at this time and the following linked websites may be also aware of this
 evidence: google-ananlytics.com , google.com, adserve.net, ...
 "


  - {200,100}x{200,100} or even {200,100,50}x{200,100,50}   in (2). Going
 to 50 pixels might remove too much privacy - maybe in a year or two when
 more people use it, this could be stepped down to 50 pixels

  - for (3) - make this list accessible by the hover describe in my first
 vote above.

  - for (4) - ditto.

  In other words, PLEASE do use these "large gray areas" to make people
 aware of the (HUGE!!!) implications of screen size uniqueness => de-
 privatness (whoa, I got a new word here ! :) ) And use it to let them /
 make them choose.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14429#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list