[tbb-bugs] #14429 [Tor Browser]: Automated rounding of content window dimensions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 29 15:18:31 UTC 2015
#14429: Automated rounding of content window dimensions
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
arthuredelstein | Status: needs_revision
Type: defect | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-fingerprinting-resolution, tbb-
Browser | torbutton
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
Replying to [comment:4 arthuredelstein]:
> Replying to [comment:3 gk]:
> > The challenge here has never been to enforce rounding of a window by a
certain multiple of, say 100. The challenge is to achieve that AND don't
change how the browser looks like or behaves in important ways. I think a
viable improvement would at least be if we would prompt a user *before*
the window is actually maximized/in fullscreen mode (#7255) which we'd
need anyway even if we don't take this patch but just make the user aware
that she is about to shoot herself in the foot.
>
> I don't understand this approach. Why would we want to permit users to
shoot themselves in the foot, even after a warning? Some users won't
understand the warning and will get deanonymized. I think in practice, we
should be protecting users from this easy and fatal mistake.
>
> Of course, it's not just maximizing or fullscreen that is dangerous --
any resizing is dangerous.
There are at least two things to consider IMO: 1) There are use cases
where resizing/maximizing a window or making a window fullscreen is no
shooting oneself in the foot at all. 2) If we make the usability burden
too high, users are going away from Tor Browser and reducing the anonymity
group for all other users as well.
Wrt to 2) remember we even allow the user to activate Flash in Tor Browser
and allowing that may have much worse consequences than the screen
resizing problem. But we do that for a reason while all the other plugins
are not allowed to run at all. I think we should at least allow a user to
opt out of the automatic rounding of browser windows, too. And not
allowing 1) is even more problematic, I think (and I could come up ad hoc
with a bunch of scenarios where resizing is no problem at all). So as I
said: We should at least do #7255 + the fix here, trying to impact
usability as little as possible even if we have the prompt in order to not
make users upset to a point where they choose a different browser. The
plan Mike had on IRC is a good one:
{{{
22:44 < mikeperry> so I think the best plan is to combine #14429 and #7255
together,
so that we do the trim/forced window size by default,
but then
give users a "Don't do this in the future" confirm
dialog or
doorhanger?
22:44 < mikeperry> so they could opt out and actually resize their window
freely if
they want
}}}
We could even be smarter showing a (different?) dialog (additionally)
warning a user who is resizing the browser window although it is already a
rounded one (if the user did not opt out yet).
(Personally, and this is 3), users should have the right to shoot
themselves in the foot if they want to but that is orthogonal to the much
more important 1) and 2)).
> > And, yes, zooming (#7256) is an interesting approach which might get
us around all of the rounding issue...
>
> I agree that zooming could help cosmetically, but if the user resizes
the window, trying to see more of a page, and the page zooms instead, that
could be frustrating, too.
I did not say it is easy... ;)
That#s the global view I have in mind. Hopefully, it makes at least a bit
sense. :) I have to think about your patch and some really good options a
bit more...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14429#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list