
Firefox to add Tor Browser anti-fingerprinting technique called letterboxing - commoner
https://www.zdnet.com/article/firefox-to-add-tor-browser-anti-fingerprinting-technique-called-letterboxing/
======
newscracker
Every time there's something about online privacy with browsers, it's mostly
Firefox or Safari. I wondered if Chrome had fingerprinting resistance on its
radar (guessing that it wouldn't be in Google's interests to add any feature
that would thwart profiling users online), and I found this [1] confirming my
guess (emphasis mine):

> Since we don't believe it's feasible to provide some mode of Chrome that can
> truly prevent passive fingerprinting, _we will mark all related bugs and
> feature requests as WontFix._

I haven't read all the analyses in the links in that article, but this sounds
defeatist and lazy, much unlike a stance that Chromium would take on security
or performance on the web.

Contrast the above with what this article says about Firefox:

> Firefox's upcoming letterboxing feature is part of a larger project that
> started in 2016, called Tor Uplift.

> Part of Tor Uplift, Mozilla developers have been slowly porting privacy-
> hardening features developed originally for the Tor Browser and integrating
> them into Firefox.

If you value online privacy, your best choice is Firefox (though it requires
some additional manual configuration). Safari comes second (its extensions
directory could use more love). _The choice where you can add more of your
influence to is Firefox — by using it, evangelizing it and by donating (if
feasible) to it._

[1]: [https://chromium.googlesource.com/chromium/src/+/master/docs...](https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-isnt-passive-browser-fingerprinting-including-passive-cookies_in-Chromes-threat-model)

~~~
Jonnax
Here's a good comparison: Android Chrome's user agent:

Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36

Versus Android Firefox's user agent:

Mozilla/5.0 (Android 9; Mobile; rv:66.0) Gecko/66.0 Firefox/66.0

Note how the Chrome browser announces your phone model and software build
version to the world.

With regional models with carrier customised software builds, simply the user
agent can be used to fingerprint a user.

~~~
homero
Yup, it's disgusting. Even in private mode sites know it's me with my build
version and IP.

~~~
tsukurimashou
To be honest, most people are confused about "private mode". I agree there
should be privacy options enabled by default with it, but the reality is
pretty much "no browser history will be stored (locally) and your session /
cookies will be isolated between private mode and normal mode".

~~~
SmellyGeekBoy
Indeed. It's intended as a method of watching porn without having it pop up in
the address autocomplete later when your kids are trying to go to the Peppa
Pig website.

------
cronix
> The general idea is that "letterboxing" will mask the window's real
> dimensions by keeping the window width and height at multiples of 200px and
> 100px during the resize operation --generating the same window dimensions
> for all users-- and then adding a "gray space" at the top, bottom, left, or
> right of the current page.

> The advertising code, which listens to window resize events, then reads the
> generic dimensions, sends the data to its server, and only after does
> Firefox remove the "gray spaces" using a smooth animation a few milliseconds
> later.

Would using a setTimeout() on the window resize event bypass this? Send the
data 20-50ms after resize is completed, giving enough time for the letterboxing
stuff to go away revealing the actual dimensions, or something? They say it
only blocks the dimensions _during_ the resize event and FF removes the
letterboxing "a few ms later".

~~~
kabacha
Presumably the implementation is smarter than being defeated by this easy
trick, but I too wonder how it works.

> Finally, an extra zoom was applied to the viewport in fullscreen and
> maximized modes to use as much of the screen as possible and minimize the
> size of the empty margins. In that case, the window had a "letterbox"
> (margins at top and bottom only) or "pillbox" (margins at left and right
> only) appearance. window.devicePixelRatio was always spoofed to 1.0 even
> when device pixels != CSS pixels.

So presumably the window size is not being reset to the real size; Firefox just
does a smart zoom-in. In other words, the fake size remains throughout the
entire session.

~~~
SamuelAdams
> Presumably the implementation is smarter than being defeated by this easy
> trick, but I too wonder how it works.

I wouldn't make too many assumptions. Browser vendors have overlooked
seemingly "simple" things in the past [1].

[1]:
[https://news.ycombinator.com/item?id=13329525](https://news.ycombinator.com/item?id=13329525)

------
meruru
I recommend the privacy.resistFingerprinting about:config setting mentioned. It's
been available for a while and does other things too, like changing your user
agent.

~~~
pera
I've been using _privacy.resistFingerprinting_ for a while and also recommend
it, but there is one major "side effect": your reCAPTCHA score will drop to
0.1 making many websites really tedious to use. It's a price I'm willing to
pay though...

~~~
meruru
reCAPTCHA is a Google thing so it gets blocked in my browser already anyway
(by uMatrix). If I need to load it to see a website, I close the tab
immediately and go somewhere else.

~~~
MagicPropmaker
You need reCAPTCHA to log into HN (or at least I do when I'm working from some
parts of the Middle East).

~~~
beatgammit
I use a mobile app and have gotten errors saying I need to solve a captcha.
Since I can't do that on this app, it just means I'll stop commenting for a
couple days until HN decides to stop bothering me.

That's happened twice, and it really hasn't been a big deal. I've never
actually done a captcha for HN, it's just not worth it to me.

~~~
commoner
Which HN app are you using? Materialistic (Android) and Hackers (iOS) have
worked for me with no CAPTCHA issues, even with a VPN.

[https://github.com/hidroh/materialistic](https://github.com/hidroh/materialistic)

[https://github.com/weiran/Hackers](https://github.com/weiran/Hackers)

------
regecks
I try enabling this occasionally, but it causes my zoom preference to be
forgotten for each site after I close the tab. Seems to be intentional
([https://bugzilla.mozilla.org/show_bug.cgi?id=1369357](https://bugzilla.mozilla.org/show_bug.cgi?id=1369357)).

I need zoom to not ruin my eyes - is it just too hard to mask the true zoom?

With the letterboxing, it seems like it would mostly not do anything when
using a tiling WM with fixed splits. Does that sound right?

~~~
Vinnl
> it seems like it would mostly not do anything when using a tiling WM with
> fixed splits

In the bug report [1] it says:

> We haven't yet landed this feature in Tor Browser for a few reasons:
> - ...
> - Tiling window managers on Linux are hard to detect. Any
> implementation will need to behave appropriately for those.

So it appears they are still working on that.

[1]
[https://bugzilla.mozilla.org/show_bug.cgi?id=1407366](https://bugzilla.mozilla.org/show_bug.cgi?id=1407366)

------
kowdermeister
This is horrible from a UX perspective. There are many fingerprinting
techniques besides this. I don't see how adding a user hostile behaviour will
help.

~~~
move-on-by
What else can they do to decrease the effectiveness of increasingly hostile
trackers?

~~~
kowdermeister
Easy way to do ad networks host blocking. The real problem is canvas
fingerprinting, but that's an inherent issue of the whole graphics stack so
everything depends on your freak-out factor.

------
fxfan
Maybe Firefox should also install uBlock Origin by default?

This isn't just for some power users; it will increase their share among
regular people, whose pages will load even faster, making Firefox popular.

Or are they waiting until the user share falls below 5%? Maybe they should
listen to Andy Grove and prepare now.

~~~
alkonaut
They should turn fingerprinting resistance to max and install uBlock Origin by default.

It might mean millions of FF users would suddenly struggle with captchas, but
it might also mean that site creators just stop using reCaptcha and similar.

~~~
cift
Or, most 'regular' users will switch to Chrome because reCAPTCHAs work better
in that browser. Firefox needs to make sure they're not going to ruin the user
experience by breaking sites like this.

------
Tsubasachan
Nice but the more you want privacy the more CAPTCHA Google will throw at you.

~~~
tinus_hn
Google isn't going to bother the general public like that, that’s limited to
small groups like techs who block the canvas fingerprinting. Do you think
Google is going to spam people that use the Safari default intelligent
tracking protection?

------
mindslight
But I've already got code in my xmonad.hs that clamps firefox windows to
common monitor sizes?

It's truly unfortunate that browsers just punted on security, dumping endless
amounts of sensitive information into a purported sandbox. Why bother
developing something with a secure mindset to begin with, when you can just
band-aid on patches later?! It's the sendmail/ActiveX philosophy all over
again, only now with network effects.

------
tjpnz
Why can't the ad industry just accept that there are some people out there who
don't want to see ads and wouldn't click on one to begin with? Then they can
honor Do Not Track and those who choose to work in adtech can start working on
things that are more productive to their business.

~~~
HunOL
Ads are not always for clicking. If you don't want to see ads, then you should
pay for content or leave.

~~~
mruts
I’ll take the third option: blocking every single ad and making my browser as
untrackable as possible.

------
thatsaguy
I've been using FF with resistFingerprinting on since it was available.
Letterboxing does break a lot of websites and apps, sometimes making them
unusable due to incorrect positioning and scaling of the elements.

------
osrec
If Firefox could make their Dev tools as good as Chrome's, I would switch
immediately.

~~~
antpls
Firefox is already valuable for browsing on a mobile phone, where there is not
much space on screen to have a dev console anyway. I recommend trying Firefox
Mobile.

~~~
Kuraj
Firefox on Android won my heart with extension support, which means I can have
an ad blocker (uBlock Origin, no less) without root.

------
patrickaljord
At this point Firefox should just merge with Tor if they want to market
themselves as the pro-privacy browser. Right now I just use Chrome when I'm
using my real identity for work and shopping and social media anyway as it's a
very good browser and supported everywhere and has an open source version
through Chromium.

When I need actual privacy, I just use Tor which supports most sites and is
way more protective of my privacy than firefox. May switch to Brave in the
future for this use case as they're adding Tor support but right now Chrome +
Tor every once in a while works best for me.

~~~
maxencecornet
> May switch to Brave in the future

In the future? Tor tabs are already a feature of Brave, as of today.

~~~
patrickaljord
It wasn't last time I tried on Linux. Thanks for the heads-up.

------
scotty79
How will that not break most of js positioning done on window.resize?

~~~
thepangolino
Is there any legitimate reason for it? Besides playing pong with browser
windows.

------
techvellacom
> The Tor Uplift process later continued in Firefox 55 when Mozilla added a Tor
> Browser feature known as First-Party Isolation (FPI), which worked by
> separating cookies on a per-domain basis, preventing ad trackers from using
> cookies to track users across the Internet. This feature is now at the heart
> of Project Fission and will morph into a Chrome-like "site isolation" feature
> for Firefox.

This is just factually incorrect.

------
lxe
Why not simply allow the user to control the js apis that are
available/enabled, kind of like the camera/mic permissions? If sites simply
cannot use the mouse events or window size events, they won’t be able to
fingerprint. This grey box alternative seems like a complicated hack.

~~~
mLuby
The problem is this will straight up crash many important sites. In the battle
between usability and privacy, usability wins. Just try disabling javascript
or cookies and see how long you last.

------
FavouriteColour
If it helps defeat tracking then I’d like an option to snap to pre-defined
sizes as I resize the window.

------
meruru
This is awesome. Other things I'd like to see added directly to Firefox are
things like Ad and script blocking, HTTPS everywhere, and maybe something like
a Tor button so that I don't have to rely on third parties for these critical
privacy features.

------
godelski
What's the canvas fingerprinting one do? From what I (very poorly) understand,
Tor returns a constant number for fingerprint requests. Can this be done for
other requests?

~~~
commoner
It prompts the user to decline a site from accessing data from the Canvas API.
This data can uniquely identify the user's computer. The Firefox feature is
identical to the one from the Tor Browser.

Screenshot: [https://thehackernews.com/2017/10/canvas-browser-fingerprint...](https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html)

[https://www.torproject.org/projects/torbrowser/design/](https://www.torproject.org/projects/torbrowser/design/)
(see the "HTML5 Canvas Image Extraction" section)

[https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-...](https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-52.5.2esr-7.0-2&id=196354d7951a48b4e6f5309d2a8e46962fff9d5f)

[https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API](https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API)

~~~
godelski
Thanks, those look like good reads. So I see in my version of FF that it is
enabled as true but I don't recall ever seeing a prompt.

I would love to see a blog post about some of these features and why things
are difficult.

------
Yuval_Halevi
I've been using Brave for a while; they have a function to surf the web through
the Tor network, which seems pretty safe.

I'm glad to hear that Firefox also gives a lot of value to privacy.

------
known
Why not just download/use Tor Browser?

~~~
adrianN
If changes are included upstream, that reduces the maintenance burden.

------
franky47
While I welcome another way to fight the constant tracking that we've come to
know and love, this is, in my case, a break of workflow [1].

I do responsive web design, and spend a considerable amount of time resizing
my browser window as a "cheap" way of previewing how it would look on narrower
screens. Having the resize snap to multiples of 100 or 200px would make this
experience horrible. Disabling it on localhost (where you're supposedly in
control of what goes in and out the browser) could be a solution.

[1] [https://xkcd.com/1172/](https://xkcd.com/1172/)

~~~
curiousgal
Why not use the built-in mobile preview tool that allows you to set custom
dimensions?

~~~
franky47
I also use that, but I find it faster and more straightforward to just drag
the window edge, especially when devtools are not opened. One example is using
browser and editor side-by-side on a single macOS split-full-screen.

~~~
chrismorgan
You can open responsive mode via a keyboard shortcut without needing the dev
tools open; on Windows it’s Ctrl+Shift+M, no idea about macOS but it’s
doubtless easy to look up.

~~~
meruru
It's the same shortcut on Linux and *BSD and probably everywhere.

------
angel_j
> Firefox's letterboxing support doesn't only work when resizing a browser
> window but also works when users are maximizing the browser window, or
> entering in fullscreen mode

Brilliant. All you have to do is change your window size for every site you
visit.

~~~
dymk
The reason it's fingerprint resistant is because lots of other people will
have the same reported screen size. Not because a different screen size is
reported to different sites.
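As an added example (not code from the article, Firefox or Tor Browser), the following models the rule quoted in cronix's and kabacha's comments above and the point dymk makes here: content dimensions are rounded down to multiples of 200px by 100px, the leftover pixels become margins, and several real window sizes collapse into one reported size, so each user shares it with more people. The step sizes, the handling of windows smaller than one step and the sample sizes are assumptions made for the illustration.

```javascript
// Assumed letterbox steps (the article quotes 200px wide and 100px high).
const STEP_W = 200;
const STEP_H = 100;

// Round an inner window size down to the nearest letterbox bucket and
// report the gray margins that would surround the page content.
function letterbox(innerWidth, innerHeight) {
  // Assumption: a window smaller than one step is clamped to a single step.
  const contentW = Math.max(STEP_W, Math.floor(innerWidth / STEP_W) * STEP_W);
  const contentH = Math.max(STEP_H, Math.floor(innerHeight / STEP_H) * STEP_H);
  const spareW = Math.max(0, innerWidth - contentW);
  const spareH = Math.max(0, innerHeight - contentH);
  // Leftover pixels are split between the two sides; odd remainders go right/bottom.
  return {
    contentW,
    contentH,
    marginLeft: Math.floor(spareW / 2),
    marginRight: spareW - Math.floor(spareW / 2),
    marginTop: Math.floor(spareH / 2),
    marginBottom: spareH - Math.floor(spareH / 2),
  };
}

// Count how many distinct sizes a page script would observe with and without
// letterboxing. Fewer distinct values means a larger anonymity set per user.
function anonymitySets(sizes) {
  const raw = new Map();
  const boxed = new Map();
  for (const [w, h] of sizes) {
    const rawKey = `${w}x${h}`;
    raw.set(rawKey, (raw.get(rawKey) || 0) + 1);
    const { contentW, contentH } = letterbox(w, h);
    const boxedKey = `${contentW}x${contentH}`;
    boxed.set(boxedKey, (boxed.get(boxedKey) || 0) + 1);
  }
  return { raw, boxed };
}

// Constructed sample of inner-window sizes (not measured data).
const SAMPLE_SIZES = [
  [1366, 768], [1280, 720], [1440, 900], [1920, 1080], [1536, 864], [1303, 741],
];

const sets = anonymitySets(SAMPLE_SIZES);
console.log(`distinct sizes seen: ${sets.raw.size} raw, ${sets.boxed.size} letterboxed`);
for (const [size, users] of sets.boxed) {
  console.log(`${size}: ${users} user(s) share this reported size`);
}
```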

