[tor-talk] Tor Browser window size
joebtfsplk at gmx.com
Fri Jul 25 15:05:48 UTC 2014
On 7/25/2014 1:57 AM, Georg Koppen wrote:
> Joe Btfsplk:
>> On 7/24/2014 3:58 AM, Georg Koppen wrote:
>>> Joe Btfsplk:
>>>> Should TBB always start in partial window size?
>>> It depends on your available screen size. But in almost all cases, yes,
>>> TBB should always start in partial window size at least until we find a
>>> good way to deal with maximized browser windows (see e.g.:
>> Thanks Georg,
>> Clearly I've forgotten or never knew why (partial) TBB window sizes can
>> be spoofed, but standard multiples for maximized TBB windows *can't* be
>> spoofed, instead.
>> ? Don't a "majority" of users maximize something like browsers, for
>> general use? I've never seen it mentioned that most users leave TBB in
>> partial screen.
>> I wouldn't think TBB (window size) would be used differently than
>> regular browsers (a result of human habit).
>> I rarely see people using browsers in partial size, unless doing some
>> between app operation / comparison. I'm talking about what the masses do.
>>>> Vanilla Firefox starts in maximized mode, if that was the state when
>>>> closed (I think).
>>>> TBB always starts in partial screen mode, even if last closed while in
>>>> full screen. Many apps remember the last screen size.
>>>> Is there an anonymity reason to have TBB start in partial screen?
>>> Not per se, but see https://bugs.torproject.org/7256 for the issue that
>>> still needs to get solved first.
>> I don't understand your last statement in relation to the bug you linked:
> It meant that there is no inherent anonymity reason to start TBB in
> partial screen mode. The reason we do that now is that it is the only
> way we currently can sort of guarantee that the window dimensions
> reported back to a website are properly rounded. Bug 7256 tracks one
> idea that would cover maximized windows as well.
Thanks. Again, Mike Perry commented in #7256,
"/...this potentially leaks information for users who maximize their
Which raises the question, what % of users DON'T maximize (most)
browsers they use, a good part of the time?
This all seems to ignore how a large % of users actually use a browser.
But, Mike says maximizing browser window potentially leaks info (as if ?
most users don't maximize?); you say, "not per se."
I read # 7256 several times & other related bugs. Many have reported in
several bugs, their TBB testing results under various scenarios at
different browser testing sites.
Using TBB maximized - significantly - increases fingerprinting entropy
for screen and / or window size, for me & others reporting on it.
Enabling JS for the current page's domain - only - increases total bits
of identifying info (bits ii) for TBB way, *way over* the threshold of
33 bits ii, that EFF.org says is needed to accurately identify a user
(their browser, device) at different websites.
Yet, unless only visiting sites like blogs, most sites now perform
poorly w/o JS enabled in NoScript, at least for their own domain (no 3rd
So, you can turn off JS & be much more anonymous, but not be able to use
a huge part of sites. Or judiciously turn JS on & be identifiable.
Does that about sum it up?
More information about the tor-talk