[tor-bugs] #32483 [Applications/Tor Browser]: Pref "full-screen-api.enabled" should probably be disabled in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 13 05:01:24 UTC 2019 

#32483: Pref "full-screen-api.enabled" should probably be disabled in Tor Browser
-------------------------------------+-------------------------------------
 Reporter:  cypherpunks              |          Owner:  tbb-team
     Type:  defect                   |         Status:  new
 Priority:  Medium                   |      Component:  Applications/Tor
                                     |  Browser
  Version:                           |       Severity:  Normal
 Keywords:  Tor Browser, full        |  Actual Points:
  screen                             |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 I've noticed in more recent TBB versions 8.5 & 9.x, when "full-screen-
 api.enabled" = true, some videos instantly start in full screen.  Happens
 in default private browsing mode or non-private browsing.  When the pref =
 false, nothing changes TBBs spoofed size.

 There is no warning - but I assume there could (should) be one, asking if
 user wants full screen, instead of just allowing it?

 Of course, most sites require at least 1st party scripts be allowed to
 play any vid.  Some won't show text without JS enabled.

 With the concern over spoofing screen sizes, what is the thinking of this
 pref being enabled.  Is it that "full screen" technically isn't =
 "maximized browser available screen size"?  They can still tell the exact
 resolution of the monitor or display, which varies a lot in phones or
 notebooks / desktops.

 Also - not the same problem, but if we're worried about not changing TBB's
 screen size from default, the maximize and restore control button (middle)
 should be grayed out.
 It's too easy to hit the maximize window button when trying to minimize to
 tray or close browser.  That also doesn't ask before changing screen size
 - only a warning after.  After the horses are out of the barn.

 Have a pref or setting somewhere else to re-enable the maximize window
 button, for those that don't care about fingerprinting.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32483>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list