Prevent sending screen size to server via CSS when JavaScript is disabled
https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html demonstrates that you can include a picture via CSS in dependence of the screen size, thus communicating it to the server. To make it possible to resize the window without danger of fingerprinting when JavaScript is disabled, the Tor Browser should do one of this things when the security slider is on "safest" (or "safer" for non-HTTPS pages): -Pretend that the screen has the standard resolution. -Don't load any media that is dependent on the screen size. -Preload all media that is dependent on the screen size. (This doesn't seem to be done right now, since the wait time for resizing is the same as for loading the page, and the site does not load very much slower than in the regular browser.)
Trac:
Username: Keritano