TBB still doesn't round windows in some cases
I understand TBB does something to reduce the fingerprintability of the browser window size, but apparently it isn't enough as https://panopticlick.eff.org/ says they've never seen my screen size before. I'm using the latest TBB on the latest debian stable with the dwm window manager.
Could TBB please round the size to a larger interval so that I look like a more typical user? Thanks.
Activity
it looks like someone has already attempted to block the screenX and screenY, but it is not happening, window.screen property has the correct information available. https://github.com/tomrittervg/tor-browser/blob/70783c6cdb4bb0ce88fa17e814dc67fddc6ce078/dom/base/nsGlobalWindow.cpp#L4352
Trac:
Username: randybytes
Replying to cypherpunks:
I understand TBB does something to reduce the fingerprintability of the browser window size, but apparently it isn't enough as https://panopticlick.eff.org/ says they've never seen my screen size before. I'm using the latest TBB on the latest debian stable with the dwm window manager.
Could TBB please round the size to a larger interval so that I look like a more typical user? Thanks.
For screen size, Tor Browser reports your window size. Unless you resized the browser window, the size should be a multiple of 100. What size was reported by https://panopticlick.eff.org/ ?
Also see #13650 (moved).
-
Replying to randybytes:
it looks like someone has already attempted to block the screenX and screenY, but it is not happening, window.screen property has the correct information available. https://github.com/tomrittervg/tor-browser/blob/70783c6cdb4bb0ce88fa17e814dc67fddc6ce078/dom/base/nsGlobalWindow.cpp#L4352
Access to properties within window.screen has been patched as well. Are you seeing a case where window.screen leaks the actual display dimensions or other info?
-
Replying to mcs:
Access to properties within window.screen has been patched as well. Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Yes, on the Tor Browser bundle 4.03 with windows 8.1 leaks the actual display dimensions:
On https://panopticlick.eff.org it leaks:
Screen Size and Color Depth: 1366x633x24
which only 1 in 82820.68 browsers have this value.
from the javascript console window.screen shows:
Screen { availWidth: 1366, availHeight: 383, width: 1366, height: 383, colorDepth: 24, ...
Thanks for replying, is their any diagnostic information that could help?
Trac:
Username: randybytes Replying to cypherpunks:
I understand TBB does something to reduce the fingerprintability of the browser window size, but apparently it isn't enough as https://panopticlick.eff.org/ says they've never seen my screen size before. I'm using the latest TBB on the latest debian stable with the dwm window manager.
Could TBB please round the size to a larger interval so that I look like a more typical user? Thanks. Window size quantization seems to be iffy with tiling dwm. If you're using the tiling mode, try switching to stacking.
Replying to randybytes:
Replying to mcs:
Access to properties within window.screen has been patched as well. Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Yes, on the Tor Browser bundle 4.03 with windows 8.1 leaks the actual display dimensions:
On https://panopticlick.eff.org it leaks:
Screen Size and Color Depth: 1366x633x24
which only 1 in 82820.68 browsers have this value.
from the javascript console window.screen shows:
Screen { availWidth: 1366, availHeight: 383, width: 1366, height: 383, colorDepth: 24, ...
Thanks for replying, is their any diagnostic information that could help?
Are you resizing/maximizing your browser window? If so, then this is the cause of the unusual screen size. Our defense is not working with resized/maximized windows yet.
-
Replying to gk:
Replying to randybytes:
Replying to mcs:
Access to properties within window.screen has been patched as well. Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Are you seeing a case where window.screen leaks the actual display dimensions or other info?
Yes, on the Tor Browser bundle 4.03 with windows 8.1 leaks the actual display dimensions:
On https://panopticlick.eff.org it leaks:
Screen Size and Color Depth: 1366x633x24
which only 1 in 82820.68 browsers have this value.
from the javascript console window.screen shows:
Screen { availWidth: 1366, availHeight: 383, width: 1366, height: 383, colorDepth: 24, ...
Thanks for replying, is their any diagnostic information that could help?
Are you resizing/maximizing your browser window? If so, then this is the cause of the unusual screen size. Our defense is not working with resized/maximized windows yet.
When I start the browser in windowed mode, without any resizing or maximization I get:
Screen Size and Color Depth: one in x browsers have this value: 621890.75 value: 1004x535x24
So even with no alterations to the window, I am not getting any protection on my platform. 1 in 62K could identify my computer.
Trac:
Username: randybytes -
Replying to randybytes:
When I start the browser in windowed mode, without any resizing or maximization I get:
Screen Size and Color Depth: one in x browsers have this value: 621890.75 value: 1004x535x24
So even with no alterations to the window, I am not getting any protection on my platform. 1 in 62K could identify my computer.
Could you set
extensions.torbutton.loglevelto3and click on New Identity? I'd like to have a look at the log output after "Torbutton INFO: New window" which you should find in your browser console (CTRL + SHIFT + J). 
I am really hoping we can call this a dup of #14429 (moved), but putting this month's tag on it to track that.
Trac:
Keywords: TorBrowserTeam201502 deleted, TorBrowserTeam201503 added