Homepage

Firefox to add Tor Browser anti-fingerprinting technique called letterboxing

Logo

Advertisement

A new user anti-fingerprinting technique which is known as letterboxing is now part of Firefox web browser. This new technique would add grey spaces to sides of the web page whenever the user resizes their browser window to virtually limit the variety of window sizes that a user can have.

General Idea

The general idea of letterboxing is to mask the real dimensions of the window by ensuring that the window height and width is at multiples of 100px and 200px during the window resize operation. It would generate the same window dimensions and add a grey space at the right, left, bottom or top of the current page if necessary.

Any tracking code that listens to the window resize events reads the would then read generic dimensions which are not good for identifying a user. In simple words, what letterboxing does is that it tricks the page script by making it see the newly-resized browser window with the incorrect dimensions. This simple fake window size can eliminate the user identification because too many people in the same area would have equal window size for their web browser.

Note that letterboxing is not a new technique. The Tor Browser has originally developed the feature about fix years ago and Mozilla is only integrating it. This feature is not enabled by default as the Firefox users have to visit the about:config page and activate the privacy resist fingerprinting option to enable it.

Note that letterboxing support for Firefox not only work for resizing the browser window but also it works when the users want to maximize the browser window or choose the full-screen browsing mode.

Works in Two States

Letterboxing protection for Firefox works in two states. The first is when the user maximizes the window in which the largest possible viewport which would be a multiple of 200 x 100. The rest of the screen would be covered with empty grey margins. Similarly, for the full screen, the viewport would again be given dimensions that are a multiple of 200 x 100 and the areas around chrome would be set to black. An extra zoom would then be applied in the full screen to the viewport and the maximized modes would be used as much as possible for the screen and the size of the empty margins will be minimized.

Another thing that Firefox needs to borrow from Tor Browser is the warning that is shown to users when they are maximizing the window. However, this feature seems unlikely to be added. The Tor Uplift is where all of this has started as it is a part of the larger project that had started in 2016.

Conclusion

Mozilla developers are slowly working on porting privacy-hardening features as part of the Tor Uplift. Some of the upcoming Tor uplift plans include support for prevention of Firefox from loading user details (real names, emails, usernames) into the operating system RAM and adding support for Firefox to block sites from fingerprinting users through VP8 and VP9 codex via the Audio Context API as worked on by the Mozilla engineers.