Firefox 67 with anti-fingerprinting technique letterboxing

[Karlston]

Mozilla Firefox 67 will feature a new anti-fingerprinting technique that protects against certain window-size related fingerprinting methods.

 

Mozilla plans to integrate the new feature in Firefox 67 but delays may postpone the release. Firefox 67 will be released on May 14, 2019 according to the official release schedule.

 

The technique comes from experiments that the developers of the Tor browser conducted and is part of the Tor Uplift project that introduces improvements in the Tor browser to Firefox (Tor browser is based on Firefox code).

 

Window dimensions, especially in maximized state and when windows are resized, may be used for fingerprinting.

 

Fingerprinting refers to using data provided by the browser, e.g. automatically or by running certain scripts, to profile users. One of the appeals that fingerprinting has is that it does not require access to local storage and that some techniques work across browsers.

 

Tip: A study analyzed the effectiveness of fingerprinting countermeasures recently.

 

Maximized or fullscreen windows provide screen width and height information. Fullscreen reveals the actual screen with and height, a maximized window the width and height minus toolbars.

 

Resized windows on the other hand reveal exact dimensions of the browser window, e.g. 1003x744.

 

Letterboxing protects better against window size related fingerprinting techniques. It is a method that rounds the content view dynamically using 128x100 pixel steps.

 

Letterboxing adds margins around the content view of the window and calculates the margin dynamically to ensure that it is applied to resize scenarios as well (and not only when a new window is created).

Setting this up in Firefox

 

The Firefox preference privacy.resistFingerprinting determines whether anti-fingerprinting is enabled in Firefox. Note that it may render some sites and services unusable or less functional.

1. Make sure you run at least Firefox 67 (check about:support for the version. Note that this does not appear to have landed in Firefox Nightly atm)
2. Load about:config in the Firefox address bar.
3. Confirm that you will be careful.
4. Search for privacy.resistFingerprinting.
   • True: Fingerprinting protection is enabled including Letterboxing (as of Firefox 67).
   • False: Fingerprinting protection is disabled.

You can verify that the protection is in place by visiting Browserleaks or any other site that returns the screen resolution and viewport. Just change the window size a couple of times and reload the page to find out if it rounds the resolution and viewport (it should return a multiple of 128x100 pixels).

 

You may also notice the margins that Firefox uses when the feature is enabled.

 

Source: Firefox 67 with anti-fingerprinting technique letterboxing (gHacks - Martin Brinkmann)