Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox To Add Tor Browser Anti-Fingerprinting Technique Called Letterboxing (zdnet.com)

Posted by BeauHD on from the new-and-improved dept.

Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year. "Called 'letterboxing,' this new technique adds 'gray spaces' to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished," reports ZDNet. From the report: Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs. The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation -- generating the same window dimensions for all users -- and then adding a "gray space" at the top, bottom, left, or right of the current page.

The advertising code, which listens to window resize events, then reads the generic dimensions, sends the data to its server, and only after does Firefox remove the "gray spaces" using a smooth animation a few milliseconds later. In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions. The feature was first developed for the Tor Browser, and can be seen in action here. In order to enable the feature in Firefox, "users will first need to visit the about:config page, enter 'privacy.resistFingerprinting' in the search box, and toggle the browser's anti-fingerprinting features to 'true,'" reports ZDNet.

8 of 101 comments (clear)

  1. Well it's a step by Anonymous Coward · · Score: 3, Insightful

    A long way to go, but I like this direction.

    1. Re:Well it's a step by Anonymous Coward · · Score: 2, Insightful

      What a horrible way to spoof ad scripts.

      They abuse window dimensions, so the browser waste time & space drawing gray in order to faithfully report oddball window sizes?

      Don't waste time & space drawing gray. Just report fake rounded-down window sizes when the scripts query.

      There is no need to actually change the window size. Just lie to the ad scripts!

  2. Can't the javascript code just delay? by Anonymous Coward · · Score: 2, Insightful

    Isn't it trivial to write some java script to delay a bit before reading browser dimensions?

  3. resources by sad_ · · Score: 5, Insightful

    people wonder why are todays computers, which are so powerful, so slow?
    well, this is the answer, first you have code running trying to identify who you are, then you have code running that tries to trick the other code detection mechanism. many cpu cycles are lost.

    cpu cycles are not the only wasted resource, mind you. there is also somebody coding all this stuff, which otherwise perhaps could have been implementing really cool things.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  4. Whitelisting by DrYak · · Score: 5, Insightful

    Saddly it seems that whitelisting Javascript (e.g.: the Firefox NoScript extension) and keeping it to the bare strict minimum required to successfully display a web page is the only practical way to avoid/diminish the online tracking.

    Luckily, it seems that nearly all the web rely on 3rd party libraries to do the tracking and thus blocking 3rd party libraries and only allowing select few helps increasing the protection against tracking.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Whitelisting by Anonymous Coward · · Score: 3, Insightful

      My browser strings used to show that my computer was an 8 bit Atari 800 with 16 MB of RAM, video card was a Hercules, the OS was MS-DOS 3.2, and that the web browser was Outlook Express. If the servers "need" to collect data then we should flood them with garbage data.

    2. Re:Whitelisting by AmiMoJo · · Score: 3, Insightful

      That really helps them uniquely identify you, because you are the only one surfing the web on an Atari 800.

      What you need is an add-on that randomly changes the browser ID string every few minutes. Use a common but randomly selected one.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Re:Idiots! by tepples · · Score: 3, Insightful

    DontBeAMoran ( 4843879 ) wrote:

    So congratulations, idiots. You just gave advertisers a way to target Firefox users even if they use a fake user agent string.

    Targeting "Firefox users" isn't as valuable as targeting "D. B. A. Moran" who lives on 484 38th Street, apartment 79.