Firefox to add Tor anti-fingerprinting called letterboxing
Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year.
Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs.
Called “letterboxing,” this new technique adds “gray spaces” to the sides of a web page when the user resizes the browser window.
The general idea is that “letterboxing” will mask the window’s real dimensions by keeping the window width and height at multiples of 200px and 100px during the window resize operation –generating the same window dimensions for all users– and then adding a “gray space” at the top, bottom, left, or right of the current page.
The advertising code, which listens to window resize events, then reads the generic dimensions, and sends the data to its server. In other words, letterboxing tricks the advertising code into seeing the newly-resized browser window at incorrect dimensions. The browser window can have any shape and size, but the page content inside it is only displayed at certain preset dimensions and the rest is filled with a gray space.
Notice the gray space near the side of the browser window margin
Letterboxing isn’t a new technique. Mozilla is actually integrating a feature that was originally developed for the Tor Browser four years ago, in January 2015.
A demo of the letterboxing anti-fingerprinting feature is available below, as it was first developed for the Tor Browser:
“Our current Letterbox experiment differs from a preceding experiment carried out by the Tor Project,” a Mozilla spokesperson told ZDNet. The difference is that the Tor Browser implementation kept the entire browser window at preset dimensions, while the Mozilla version uses gray spaces to let the browser window show at any size, but keep the page content at preset dimensions.
Letterboxing is currently available in Firefox Nightly and will be generally available for all users with the release of Firefox 67 in May.
The feature isn’t enabled by default, though. Firefox users will first need to visit the about:config page, enter “privacy.resistFingerprinting” in the search box, and toggle the browser’s anti-fingerprinting features to “true.”
Firefox’s letterboxing support doesn’t only work when resizing a browser window but also works when users are maximizing the browser window, or entering in fullscreen mode.
According to a Bugzilla entry, this is how Firefox’s letterboxing protection works in these two states:
When the user maximizes the window, the largest possible viewport is used, again a multiple of 200 x 100. Empty gray margins in the chrome part of the window cover the rest of the screen. Similarly, in fullscreen, the viewport is again given dimensions a multiple of 200 x 100, and the chrome areas around it are set to black.
Finally, an extra zoom was applied to the viewport in fullscreen and maximized modes to use as much of the screen as possible and minimize the size of the empty margins. In that case, the window had a “letterbox” (margins at top and bottom only) or “pillbox” (margins at left and right only) appearance. window.devicePixelRatio was always spoofed to 1.0 even when device pixels != CSS pixels.
One last thing that Firefox should borrow from the Tor Browser is the warning that the Tor Browser shows users when users are maximizing their window. However, despite being a useful warning, a Mozilla spokesperson told us there are currently no plans to integrate this feature into Firefox for the time being.
Firefox’s upcoming letterboxing feature is part of a larger project that started in 2016, called Tor Uplift.
Part of Tor Uplift, Mozilla developers have been slowly porting privacy-hardening features developed originally for the Tor Browser and integrating them into Firefox.
For example, in Firefox 48, Mozilla integrated a list of known user fingerprinting domains that the Tor Project was maintaining to block inside the Tor Browser.
In Firefox 52, Mozilla added a second Tor Browser anti-fingerprinting technique that prevented websites from identifying users based on their operating system fonts.
The Tor Uplift process later continued in Firefox 55 when Mozilla added a Tor Browser feature known as First-Party Isolation (FPI), which worked by separating cookies on a per-domain basis, preventing ad trackers from using cookies to track users across the Internet.
Three releases later, in Firefox 58, Mozilla engineers integrated another Tor Browser anti-fingerprinting technique that prevented websites from tracking users via the HTML5 canvas element.
Upcoming Tor Uplift plans include Mozilla engineers adding support in Firefox for blocking sites from fingerprinting users via VP8 and VP9 codecs, via the AudioContext API, and support for preventing Firefox from loading user details (username, emails, real names) into the operating system RAM.