[tor-bugs] #33541 [Applications/Tor Browser]: fingerprinting: zoom.min/maxPercent should be fixed at 100

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 7 19:41:00 UTC 2020 

#33541: fingerprinting: zoom.min/maxPercent should be fixed at 100
-------------------------------------------+--------------------------
 Reporter:  cypherpunks                    |          Owner:  tbb-team
     Type:  defect                         |         Status:  new
 Priority:  Medium                         |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+--------------------------

Comment (by Thorin):

 Replying to [comment:2 cypherpunks]:
 > > as you can see from my test
 >
 > Where is that test to be seen?

 I'm the author of TorZillaPrint

 > As for the rest...

 I'd have to check, but those two prefs wouldn't be enough (but would help,
 I guess). I think `layout.css.devPixelsPerPx` overrides this. My main
 concern is that it removes functionality. I get the point that users who
 repeatedly zoom (and if i understand it correctly, they would have to
 consistently do it on new windows, new tabs, new sessions: and probably
 need to hit the same zoom level for precision tracking: and probably on
 the same sites: and the sites would have to bother fingerprinting this)
 could be a concern - but I think the threat is extremely low

 In order to make that combination of events for end users even harder:
 tighten zoom resistance to include domain changes per tab: i.e zoom once,
 keep re-using that tab and your inner window dimensions are currently
 "broken" consistently across domains for as long as you use that tab

 This is the better solution IMO, and in fact solves the problem you
 describe (I can't imagine anyone putting up with having to zoom everything
 all the time: they would be using system accessibility options or changing
 the OS's display sizes/dpi or whatever)

 --

 The ultimate solution, but I'm not entirely sure if it's feasible (or is
 but low priority and/or a lot of work), is that zoom could trigger
 letterboxing to re-calculate: but AFAIK zoom was explicitly left out in
 the RFP patch for technical/complexity issues (read
 https://bugzilla.mozilla.org/show_bug.cgi?id=1407366#c0 ) <- I'll ping tom
 (tom is the letterbox author)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33541#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list