Firefox To Add Tor Browser Anti-Fingerprinting Technique Called Letterboxing

Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year. "Called 'letterboxing,' this new technique adds 'gray spaces' to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished," reports ZDNet. From the report: Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs. The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation -- generating the same window dimensions for all users -- and then adding a "gray space" at the top, bottom, left, or right of the current page.

The advertising code, which listens to window resize events, then reads the generic dimensions, sends the data to its server, and only after does Firefox remove the "gray spaces" using a smooth animation a few milliseconds later. In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions. The feature was first developed for the Tor Browser, and can be seen in action here. In order to enable the feature in Firefox, "users will first need to visit the about:config page, enter 'privacy.resistFingerprinting' in the search box, and toggle the browser's anti-fingerprinting features to 'true,'" reports ZDNet.

Well it's a step

A long way to go, but I like this direction.

Re: Well it's a step

It has been around for a long time but good for them for getting some attention paid to the technique. I guess people probably have better things to do than wait around for the next technical advancements in video. Or maybe not. After all, you still see the ad eventually right?

Re: Well it's a step

It has been around for a long time but good for them for getting some attention paid to the technique....

Really? Popularity with technology like this only feeds the justification for advertisers to fund and create ways to defeat it.

Today it's an option buried in the bowels of browser settings where 99% of the lazy masses won't bother to look, but once this setting becomes default in browsers, there's too much money on the table for advertisers to simply sit idly by and do nothing.

Re: Well it's a step

_After all, you still see the ad eventually right?_

I dunno, what is an ad?

Re: Well it's a step

[morethanapapercert]

And it strikes me as pretty straight forward, even trivial, to work around this. All you would have to do is add a delay or secondary trigger to the code. Visitor resizes? then wait X milliseconds before checking window size. Or check window size only on a scroll or page down action.

Note: I'm not a web designer or coder, so I could be talking out my ass when it comes to judging the difficulty involved. But I'd be willing to bet money on it.

Re:Well it's a step

[Joce640k]

A long way to go, but I like this direction.

Really? Firefox is still sending a stupidly detailed user-agent string, exact model of graphics card, list of plugins, list of installed fonts, screen resolution, time zone, etc.

Hell, even your "Do Not Track" setting is useful to the people who want to track you - some people enable it, some people don't. Imagine that, a privacy-enhancing feature that decreases your privacy.

Re: Well it's a step

[tepples]

An ad is a message from a sponsor displayed in exchange for the sponsor's payment to a publisher (the operator of a website). If ads were banned, far more sites would have a paywall.

Re: Well it's a step

yep it'd be that easy, have the resize event create a one-shot timer that fires off the check window size.

Re:Well it's a step

What a horrible way to spoof ad scripts.

They abuse window dimensions, so the browser waste time & space drawing gray in order to faithfully report oddball window sizes?

Don't waste time & space drawing gray. Just report fake rounded-down window sizes when the scripts query.

There is no need to actually change the window size. Just lie to the ad scripts!

Re:Well it's a step

[AmiMoJo]

They never sent stuff like a list of fonts, but the list can be gleaned via CSS. Simply create hidden CSS elements with every known font in use and then query them to see if that actual font was used. The browser will even helpfully not load the actual font because it can see that the element is hidden, to avoid your code grinding the computer to a halt.

Screen resolution is the same. Even if they disable the direct JS query people would just make a bunch of CSS rules for different sizes and see which one is applied.

The ability of CSS to adapt to things like screen size is generally a good thing, the problem is that Javascript can then figure out what it did. Blocking that is possible but will cause breakage, so it needs a major browser like Firefox to do it slowly and push web developers to fix the issues. If they do it quickly with massive breakage then users will complain.

Re:Well it's a step

Since ads don't identify themsleves as such when they query for the information all instances of code the request the window size will see the fake size, and thus the page as a whole will render as if the fake size were real.

Padding it with grey is juts to make it look less shitty to the end user.

Re:Well it's a step

Me advertiser Ug. Me add small delay loop on ad code. Me beat Mozi//a gori//a coding many week on this. Gaa!
This feature is SO duh! to bypass, why are they wasting effort on it?

Re: Well it's a step

[Wulf2k]

"If ads were banned, far more sites would have a paywall."

If ads were banned, far fewer sites would exist.

How you interpret that statement depends on whether you're an optimist or a pessimist.

Re:Well it's a step

I don't know. Right now defences against fingerprinting exist but are definitely not mainstream in the way that say, ad blockers are. Indeed it seems to have stayed under the radar remarkably long, considering how detrimental these techniques are to your privacy. Using extensions like noscript or umatrix effectively requires a certain amount of dedication. But the last thing we need is an arms race. The client will win the arms rave against covert fingerprinting, and this will spur on the move towards mandatory real ID logins or verification for everything you do online. Don't fool yourself, the technology has matured and will be implemented in a way that is frictionless and accepted by ordinary sheeple. I would rather put off that day for as long as possible.

Re:Well it's a step

[Stan42]

Why not just us Tor then, will it make any difference ? Learning here, thanks !

imaginary secrets society bristles?

they watch/listen our way around, never saying excuse me or thank you.. phewww

Thanks

I hate it

Re: Thanks

Could of browsed anywhere. Came to /. Read unreadable and stupid story

You could have instead learned that it's not "could of," ya dick.

Re: Thanks

Could've would've should've.

Arms races

Sure, but what happens when they deploy their missle-missle-anti-anti-anti-missle-anti-anti missles?

Re: Arms races

Well, obviously your computer blows up.

Re:Arms races

They learn to spell "missile" properly?

Re:Arms races

[lgw]

Sure, but what happens when they deploy their missle-missle-anti-anti-anti-missle-anti-anti missles?

Those were banned by the anit-anti-missile missive.

Re:Arms races

[Wulf2k]

I think I was vaccinated for the missles once.

really? another about:config entry?

The lazy bastards only seem to add configuration page or about:config entries for settings that they are going to use, as opposed to the ones that users may wish to use. I'm in the process of creating a build machine for Firefox so I can start to add buttons for settings that I'd like to see exposed in the configuration settings.

For example, the new 'you must have search enabled' setting that requires having a search bar or forcing the address bar to double as a search bar. Second: the dropdown that covers the top 1/2" of the page when you start typing a URL, which if you're lucky, isn't being displayed in the top 1/2" of the page. Third: I'm going to re-attach the tabs to the pages and put the adress bar back on top where it belongs.

Re: really? another about:config entry?

Ad interference or blocking sometimes has the nice side effect of letting through the better ads, like the humorous ones or the higher quality longer running ads like those multi part ads some of the agencies make for long running campaigns

Great

[Artem+S.+Tashkinov]

Except there are literally hundreds of additional data points which allow websites to uniquely identify you. The best you could do without too much hassle is to run the English version of Google Chrome under the latest release of Windows 10 without any extensions or additional fonts installed. But even that is not enough since you still expose your time zone, WebGL extensions and then there are evercookies, mouse tracking, canvas fingerprinting, etc. etc. etc.

It surely looks like the WWW was built with tracking in mind. Not intentionally of course.

Re:Great

[mrbester]

The web was envisaged as being open by design. As it originated as something running on a closed corporate network, such openness such as identifiable information of the user wasn't considered remotely dodgy. It's only subsequently that such information has been considered to be morally dubious thanks to those who spotted a potential revenue source and exploited it.

Re:Great

The simple way to fix this is to commonize on a single, very common user agent sting, and only enable sending additional information for sites the user identifies as necessary. In fact, if it were built into the browser, a large list of sites and the strings they need to work could be crowdsourced. So, even though some website won't work if I don't report my browser window size, I can just always send 1024x768 and let the browser window fix the rendering as best as possible. The fact is, browser makers have obviously been sandbagging solutions to this problem.

Re:Great

But yay, HTML5, right? Nobody at any browser company gave a fuck about privacy and the browserleaks.com site you linked is the proof.
With that rant aside, I am glad to see Mozilla looking more seriously at improving privacy. If they become a real champion and not pull punches because of their corporate ties (ie. not wanting to piss off advertisers), I will be happy to donate to them again.

Re: Great

No such thing literally. User agent strings are not compatible with each other. Of course servers could simply use the simple WWW standards and render almost any page perfectly but no the server just has to know everything about you because its the server and we all must bow down to it because it is in charge and special. Or not

Re:Great

[Wycliffe]

Except there are literally hundreds of additional data points which allow websites to uniquely identify you.

The point isn't just to identify you as unique but for you to both be unique the first time AND recognizable the next time you come back. This seems like a much easier problem to solve. Just change as many of the settings as you can each time you visit a website. If you had a browser capable of randomly tweaking settings at each page load it should be able to add enough noise that browser fingerprinting would become worthless. As an added bonus, not only would it protect your browser, the noise would add a touch of herd immunity and help other people with stock browsers as well. The goal shouldn't be to lock down a browser so that nothing is leaked but rather to leak so much random crap that it becomes worthless.

Re:Great

[drinkypoo]

The best you could do without too much hassle is to run the English version of Google Chrome under the latest release of Windows 10

Run the browser that spies on you under the OS that spies on you? What a great idea!

Re:Great

[squiggleslash]

OK, and your point is what? That because there are hundreds they shouldn't start patching them one by one?

You do realize that if there are a hundred issues, it's highly unlikely Mozilla can put in one line of code, that doesn't break anything, that fixes EVERYTHING, right?

It looks to me as if Mozilla looked for one of the trickier ones to fix (fuzzing the font list would be easy, for example), and spent some time working on it. I'm glad they did. Now for the next fix.

Re:Great

https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/

Can't the javascript code just delay?

Isn't it trivial to write some java script to delay a bit before reading browser dimensions?

Re: Can't the javascript code just delay?

Yeah sometimes. Depends on the codec. If the browser is just displaying a blank screen or single color it may not report dimensions until something happens so you can end up with unplayable video running js like that or the black screen of death as some call it

Caveat

privacy.resistFingerprinting will set your useragent to Firefox 60 as i discovered when i visited the addons site in 65 and the page said i was running an incompatible version, a quick check of my useragent confirmed it was reporting 60, setting privacy.resistFingerprinting to the default false put the UA back to normal

Re:Caveat

I don't see how that is a problem, per se. I mean, shit, every time a bell rings, an angel pushes another update to Firefox, but not everyone updates at the same time as one another. Your browser version is a data point used to fingerprint you, after all.

Firefox 60 is currently the latest ESR release. There's probably more people on 60 compared to 65 when you consider all the ESR users out there, so by falsifying your UA details you're blending in with the crowd.

Re:Caveat

the annoying thing is the addons site doing UA sniffing in the first place, UA sniffing puts webdev back to "best viewed with.." just in a longer form.

Contraproductive

[dshk]

Fingerprinting is useful for moderation and in the fightagainst trolls, cheaters etc. It is about identifying a computer, not about identifying a person. If they make moderation harder, then there will be less place to socialize on the web. Moreover, income from untargetted ads is only 1/3 - 1/10 of the income for targetted ads. The reduced income results in less service. People could easily pay to replace ad income, but microtransactions haven't taken off for 20 years. They cannot win either, at most they make the monopolies of the internet stronger. It seems the developer community around the web shoot itself in the foot.

Re:Contraproductive

show us 1 discussion site that uses fingerprinting like you say ?
and fuck the advert companies, who gives a shit if they dont receive money, 10% of free money if still free, its not as if they had to work for it

Re:Contraproductive

[Actually,+I+do+RTFA]

Fingerprinting is useful for moderation and in the fightagainst trolls, cheaters etc.

That is one of it's uses, sure. And that same use would happen if you required everyone to have a verified photo ID. This benefit isn't worth the cost.

. It is about identifying a computer, not about identifying a person

I assume you know this is a lie. IDing a computer that looks at X, and IDing that same computer as signed into FB as Joe Schmo (at the same time?) is a clear way to link Joe Schmo to X.

They cannot win either, at most they make the monopolies of the internet stronger. It seems the developer community around the web shoot itself in the foot.

I don't understand what you are trying to say here. Want to clarify?

the annoying part of megasloth infomania

it takes the browser an extra 10-15+ seconds to search for my profile then encourage me to have one so the page phucking ADs i see will be relevant.. phewww.. cease fire stand down.. people only buy what they want..

resources

[sad_]

people wonder why are todays computers, which are so powerful, so slow?
well, this is the answer, first you have code running trying to identify who you are, then you have code running that tries to trick the other code detection mechanism. many cpu cycles are lost.

cpu cycles are not the only wasted resource, mind you. there is also somebody coding all this stuff, which otherwise perhaps could have been implementing really cool things.

Re:resources

[thegarbz]

people wonder why are todays computers, which are so powerful, so slow?

No they don't. We're dedicating very few resources to actually tracking. Most slowdowns are the result of poorly designed software or ignorant people realising how much more we're doing in software these days.

There's no reason a tracking script (or 10) should have any impact on page load times. There's also no reason to for anyone to think that using a browser from the early 00s would even function in today's internet.

And as if to poetically prove the point I just got an email notification in my browser just as I hit preview.

Re: resources

Reality disagrees with you. So does slashdot as the OP is +5

Re:resources

>how much more we're doing in software these days

Youtube ten years ago: show you a cat video
Youtube zero years ago: show you a cat video, five times the RAM

I know "how much more I'm doing in software these days" when I deliberately run ancient Photoshop and Office to use 95% of the same tools, with 5% of the boot/reactive time.

Re:resources

[Seven+Spirals]

This among other reasons is why I wish the Mozilla folks would integrate CPU throttling for background tabs. Chrome and Opera both have it. It is extremely effective and drives down CPU usage greatly for those of us who normally have a handful (or more) of tabs open. Hopefully, it's being worked on and I just can't see a single shred of evidence to that end because it's all being done quietly? It'd be a MUCH better feature than this letterboxing shit sounds like.

Side effects

I'm using nightly 67 and if you enable this, your browser won't launch in full screen mode anymore. It will start
much smaller and you will have to manually resize your window. It's kind of annoying.

Re: Side effects

Where is that setting? If you have ever written a video decoder for a highly compressed stream you have experienced the agony of piling up partially rendered framed just waiting the key frame to appear. Sometimes you run out of memory before it appears. In that context, these browser rendering foibles are extra meaningful. It must be nice to be the brain dead guy who walks around thinking about revenue streams while others do real work.

Re:Contraproductive my ass.

Yah, and mass surveillance is useful to fight crime. Go live in China if you like that.

I think what we need is a proxy in front of the browser (it has to handle TLS) which just manipulates the outgoing requests and LIES to the website. Because we have been given all reasons to mistrust most of them.

Whitelisting

[DrYak]

Saddly it seems that whitelisting Javascript (e.g.: the Firefox NoScript extension) and keeping it to the bare strict minimum required to successfully display a web page is the only practical way to avoid/diminish the online tracking.

Luckily, it seems that nearly all the web rely on 3rd party libraries to do the tracking and thus blocking 3rd party libraries and only allowing select few helps increasing the protection against tracking.

Re: Whitelisting

Firefox. A browser so good it must have been brought to you by the fourth dimension. (Eerie voice) the fourth dimension I tell you. The fourth dimension. The fourth dimension is the source.

Re: Whitelisting

So good the fourth dimension brought it to us twice!

Re:Whitelisting

NoScript is good. Cookie AutoDelete, GreaseMonkey, NoScript and Privoxy are better.

For example, Privoxy blocks a lot of advertising and crapware before NoScript gets to see it. I have a GreaseMonkey script that adds the SHA1 hash of the current domain to the title bar for https:/// URLs. In KeePass my Auto-Type-Window matching is keyed on the SHA1 hashes so that look-alike domains don't get a look-in.

Re: Whitelisting

I just betcha the fourth dimension brings all kinds of things you never wanted or asked for and avoids being identified as the bringer of such things

Re:Whitelisting

[AmiMoJo]

Whitlisting Javascript won't actually protect you from this, not entirely. For example the site can use CSS to load a different resource based on your browser window size, which the server can log along with your IP address.

It's extremely difficult to block everything that could be used to identify a browser. A better technique is to poison the data, making it unreliable and ever-changing.

Re:Whitelisting

https://www.eff.org/privacybad...

Re:Whitelisting

My browser strings used to show that my computer was an 8 bit Atari 800 with 16 MB of RAM, video card was a Hercules, the OS was MS-DOS 3.2, and that the web browser was Outlook Express. If the servers "need" to collect data then we should flood them with garbage data.

Re: Whitelisting

clearly uniquely identifiable and tracksble

Re:Whitelisting

Even better, choke them with poisonous garbage. They want to read back stuff? Each time, pick one of these actions:

1. Scramble whatever they read. Be it an ad cookie, screen size or other fingerprinting stuff. The data will be useless.

2. Use the teergrube technique of sending them one byte per minute - tying up their server for a long time. The problem is not that you alone do this, but if they have 10 000 such connections.

3. Attempt to force a buffer overflow down their throat. They expected a less than 60-character font name? Here's 60GB to go with it! Or how much of that they receive before the tcp connection suddenly breaks. Optionally, put real exploits in that buffer overflow, get a botnet consisting of compromized ad servers. Could be useful for further fun.

Re:Whitelisting

[AmiMoJo]

That really helps them uniquely identify you, because you are the only one surfing the web on an Atari 800.

What you need is an add-on that randomly changes the browser ID string every few minutes. Use a common but randomly selected one.

Re:Whitelisting

Google Ultron Mozzarella/6.9 (Windows NT 0.0)

Re:Contraproductive my ass.

If someone forks Privoxy to accept community blacklists such as EasyList, I'll use it on everything. I love Privoxy but I fucking hate training the bastard all the time.

Re: This breaks my fullscreen HTML5 game.

My thoughts exactly. I think you got the litany of complaints backwards though. You left the biggest complaint at the bottom of the list, which might work out in your fantasy world but in the real world you should put it at the top of your list. You see the litany does not get more interesting as you peruse it. It gets less and less interesting. But hey please keep filling up the slashdot server with text that will literally never be read by anyone.

Re:This breaks my fullscreen HTML5 game.

Boo hoo. Stop bitching and work around it. If you're even half-decent you'll find a way, but most video game developers are lazy bastards like yourself who couldn't code a Hello World without a dozen proprietary clutches and middleware packages. You think we give a shit about your game? This is our privacy at stake, here. Find another way to identify me, asshole.

they do it because it makes them money

this, spamming, robocalling and all that sort of mess, if people would actually stop giving them money/buying their stuff, they'd stop doing it

Maybe this is a stupid question

[EmagGeek]

Maybe this is a stupid question, but wouldn't a better solution simply be to deny "advertising code" from being able to access the window size? Why does any website need to be told what your window size is anyway, or for that matter, why does it need to be told anything at all about you?

Re:Maybe this is a stupid question

[tepples]

Why does any website need to be told what your window size is anyway

In order to choose the correct size of image to present to you, so that you don't end up wasting metered bandwidth downloading photos big enough to fill a 4K monitor just to display them on a smartphone's 480x800 pixel display.

There's your problem ...

The advertising code, which listens to window resize events

See, the problem is we seem to have reached the point of stupid where we let any random web page run scripts, as well as pulling in from any number of external assholes and parasites.

So, I treat ad networks for what they are .. useless sacks of shit who add no value to my life, consume my resources, and wish to harvest my personal information against my wishes. And my solution to that is to block the fuck out of these pieces of shit.

We need to get away from this busted security model in which any site can run scripts, can link to a dozen external sites who then claim you've agreed to their privacy policy and consented to scripts. Browsers have devolved to pretty much completely promiscuous so they'll run scripts from anybody anywhere, and that is eroding out security and our privacy.

Sorry, you don't get to fingerprint my browser, because your site isn't allowed to run scripts, and every site I visit that pulls in 3rd party parasites I block the parasites -- which makes them blocked everywhere.

If you work for an internet ad agency, you really deserve every user of the internet to stand in line and punch you in the throat ... because you're an asshole, and you deserve it.

As long as we keep up this fiction that we should be allowing every web site and whoever they partner with to run scripts on our browsers, we'll have this shit. We need to start reining in how much we allow sites to run scripts, and absolutely blocking the 3rd parties who add no value to the user ... and don't tell me ads and analytics offers value to me.

Sorry, but if you work for an analytics company, or an internet ad company, you really are a sack of shit who deserves the feel the wrath of everyone who is tired of being spied on ... and as such, you and your family have forfeited any right to privacy, as you have decided that we don't have any.

Re:There's your problem ...

[tepples]

Anonymous Coward wrote:

Sorry, but if you work for an analytics company, or an internet ad company, you really are a sack of shit

Then let's discuss how to make "Internet ad companies" and the "sack[s] of shit" who work for them obsolete. It sounds like you and other Slashdot users like you want one of three things to happen: either A. you want to keep ads but destroy "Internet ad companies", or B. you want to fund the operation of websites through payments from users, or C. you want to fund the operation of websites through some means other than ads or paywalls.

In case A, each website would have to hire, much as in the good old days of print advertising in newspapers. This means each website would need to hire an ad sales team to make prospective advertisers aware of the existence of that website's ad space. How would you suggest to make this practical for smaller websites?

In case B, I'm interested to see how you would circumvent banks' fees for accepting electronic payment. Pay-per-page is untenable because of the 30 cent fee that the acquiring bank takes on top of each transaction. So is paying for a pack of 100 articles on a particular site, as someone who pays $5.00 for the minimum 100-article pack just to read four articles would see 96 article view credits go to waste.

As for case C, could you explain what you had in mind? Shut down any site that doesn't have a shopping cart and isn't run by a nonprofit organization or as an individual's hobby?

Re: There's your problem ...

All great points. I suggest name and shame and boycott, which is what history suggests works very well

Re: There's your problem ...

[tepples]

You appear to suggest that users "name and shame and boycott" any website that relies on an ad network or ad exchange. Let's assume for purposes of argument that you operate a website or web application, and you want to fund the website's operation while avoiding this boycott. What would be your next step?

Re:There's your problem ...

C. you want to fund the operation of websites through some means other than ads or paywalls.

Well, see, I don't actually give the least fuck about how people fund their websites.

Some sites will have subscriptions, and some subset of people will buy them. Some set of users will allow ads, some will block them.

If you have a paywall, or ads, I'll block that shit .. if I can't get to your site, I'll use the back button.

Sites need traffic to claim to be relevant. Lock everyone out unless they pay, you lose people out of the gate -- lock out people with ad-blockers, and you lose relevance.

Shut down any site that doesn't have a shopping cart and isn't run by a nonprofit organization or as an individual's hobby?

I simply don't give a fuck how companies fund their sites. But I will keep blocking ad companies until I no longer can, and at which point the interwebs will have fully transitioned to be nothing but useless commercial shit anyway.

Me, I'm saying take anybody who works for an internet ad/analytics company, and beat them soundly with bats or doxx them and their families.

But I'm not willing to operate under the fiction that by visiting your website I have agreed to be ass-raped by the terms and conditions of every parasite you've partnered with ... my terms of service are "I reserve the right to block anything I want, and you are free to in turn block me".

If I walked into a physical store and someone tried to collect my details and pass them on to their marketing partners and put a tracker on me, they'd be met with physical violence ... digitally speaking, I'm just doing the same thing.

But I see no reason whatsoever why I should implicitly trust every 3rd party your site links to or let assholes like Facebook track me on unrelated sites.

Re:There's your problem ...

[Wulf2k]

I'm all for case C.

If it can't fund itself, does it really need to exist?

If it's something that needs to exist, can't it fund itself?

People get things goings at the "individual's hobby" level. Shouldn't anything grander than that be even easier to get and keep going?

Idiots!

[DontBeAMoran]

The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation -- generating the same window dimensions for all users.

Okay, who here has a monitor with a display resolution that is a perfect multiple of 100 in both X and Y? Not most people, that's who.

Does everyone who works on Firefox have an old 800x600 CRT or a laptop with a 1600x900 display or something? Because in the real world, there's a lot of resolutions and most of them are not divisible by 100.
The most popular one, which is "full HD" (1920x1080) is certainly not divisible by 100 in either X or Y.

So congratulations, idiots. You just gave advertisers a way to target Firefox users even if they use a fake user agent string.
We won't even talk about the problems this is going to create for web programmers who need to rely on knowing the exact size of the display for real-world purposes.

TL;DR, this is one more reason to NOT bother supporting Firefox anymore.

Re:Idiots!

[craigwilkie]

The way I read the summary was that the browser would maintain a "virtual window" inside of the real window. The real window could have any size; it is the size of the virtual window which would be quantised to 100px steps, and the gap between the real window and the virtual window would be the "letterbox".

Re: Idiots!

In a study of intelligence and browser usage it was found that Firefox users had the highest IQs. In fact, just sitting next to a Firefox user predicted a higher IQ.
The list went in the following order, approximately:
Firefox
Opera
I.E.
Edge
Chrome

Re:Idiots!

[tepples]

DontBeAMoran ( 4843879 ) wrote:

So congratulations, idiots. You just gave advertisers a way to target Firefox users even if they use a fake user agent string.

Targeting "Firefox users" isn't as valuable as targeting "D. B. A. Moran" who lives on 484 38th Street, apartment 79.

Re:Idiots!

[DontBeAMoran]

But the point of this virtual window is that it is the value returned to the scripts, which is going to make it easier to target Firefox users.

Re:Idiots!

[Actually,+I+do+RTFA]

We won't even talk about the problems this is going to create for web programmers who need to rely on knowing the exact size of the display for real-world purposes.

What uses are these?

Re:Idiots!

[DontBeAMoran]

It's used to align things when CSS fails to have a proper solution. It's used for interfaces, games, etc. It can be used to determine what resolution of image to dynamically fetch for your device. No point in downloading a 4K photo for a laptop that's not even full HD.

Re: Idiots!

[Red_Forman]

You think people using Opera, a now-owned-by-China browser, are smarter?

You think people who use Internet Explorer, which has been abandoned by Microsoft itself over a year ago, are smarter than people who use Edge?

You're a dumbass.

Re:Idiots!

Firefox user here. If someone wants to target me, great. If I want to hide the fact that I'm using Firefox, then I probably know to hide this, too. In fact, I wouldn't be surprised if we're just a release or two down the road from when a modified User-Agent string automatically disables this.

Mozilla is trying to get started doing a Good Thing. The problem you suggested really isn't a big deal.

Re: Idiots!

[The-Ixian]

You're a dumbass.

Says the Chrome user.....

Re:Idiots!

[nadass]

It's used to align things when CSS fails to have a proper solution. It's used for interfaces, games, etc. It can be used to determine what resolution of image to dynamically fetch for your device. No point in downloading a 4K photo for a laptop that's not even full HD.

You should be programming for the RELATIVE CONTENT POSITIONING and allow auxiliary scripts to dynamically fetch the right-sized create assets... Unless you're talking about scroll-over advertisements that are supposed to take over the entire screen, then yeah sure I can see why you're upset.

The year 2001 called, it wants its fixed content positioning CSS definitions back...

Re:Idiots!

[DontBeAMoran]

Relative positioning usually works, but sometimes you need to calculate something and position things manually.

Also... "allow auxiliary scripts to dynamically fetch the right-sized create assets...", how do you do that if not via javascript and reading the screen size?

Public web terminals

[tepples]

IDing a computer that looks at X, and IDing that same computer as signed into FB as Joe Schmo (at the same time?) is a clear way to link Joe Schmo to X.

It doesn't work so well when Joe Schmo logs into Facebook from the same public library computer from which other patrons log into Facebook.

Re:Public web terminals

[Actually,+I+do+RTFA]

I don't see why. You're ignoring time information. And ad networks are both aware of computer sharing and very good at disambiguating the users.

I mean, sure, Jow could use a public computer for X (which can no longer be something he cannot view in public, like porn or personal financial data). He could then leave, and come back later to use Facebook. But that's not what people really do. They have FB in one tab and X in another.

I SAID I LIKE THE DIRECTION.

What part of "long way to go" was unclear to you? User agent string is useful for formatting, you can spoof it, same with all that canvas info. TIME ZONE you put in the same category, lol? DNT we know has issues for all browsers.

How is any of that a "firefox" specific problem?

That's something I really want

> Scramble whatever they read. Be it an ad cookie, screen size or other fingerprinting stuff. The data will be useless.

I'd love to have an extension which recognizes common cookie patterns (e.g. 128 bits, base64 encoded) and replaces them with random numbers in that same format.

(It wouldn't work for long, though; adding a checksum allows bogus values to be ignored, and if it's a MAC, the client can't generate a valid one. So it would work the same as deleting it.)

Re:This breaks my fullscreen HTML5 game.

If it's possible for him to work around it, it will be possible for mal-ad-tracking-devs too.

the wind was waving goodbye

and when the night came
the forest folded its branches
around me
something passed by
and I went into a dream

I do not consent

Are you trying to kiss their ass or something? I don't understand the argument you're trying to make. Let me make my stance perfectly clear:
I do not consent to even ONE FUCKING CPU CYCLE being used for any of this nonsense. It's MY cpu, it's MY electricity. Not one data bit, not one cpu cycle. These websites can fuck right off!

In all fairness

If you're still running Firefox at this point, you're already standing out. If its market share is still over 0.5% I'd be surprised.

And they did it all to themselves with this quantum faggotry and the sad attempt to be a chrome clone that's been going on since FF 27. FUCK EM they ruined a good browser