Investigate fingerprinting capability of viewport API
I am not sure if this is an issue for TB. I do not have a touch device on which to install TB8. But since Tor Uplift's RFP underlines this protection, it might be prudent for someone to check it out.
My Android has a low screen res, the web content loads at a higher res - when I pinch to zoom and re-run/refresh: the viewport shows entropy. Ignore the css media measurements. Just focus on the five JS results: screen, available screen, outer, inner and viewport
Control
- device should not be hidpi/retina/whatever-you-call-it
- load test page [1]
- all the widths/heights (except viewport: e.g 17px less width) should be the same (i.e
1000 x 1000
) - zoom in to
133%
- refresh or rerun button
- all the widths/heights (except viewport e.g 13px less width) should be the same (e.g
750 x 750
)
STR
- device should be hidpi
- load the test page
- all the widths/heights (except viewport) should be the same (e.g
980 x 1522
) - zoom in (fingers on a touch device)
- scroll to the left and hit
re-run tests
- scroll back to the right and viewport is still based on the old value
- also, in the pic in [2] css media still shows it's using the old values (
980
) (ignore that it's missing the height values: not sure why it does that: I think it's because it hits a fraction, I see the same thing on desktop)
Is this just a quirk? Or is the viewport not properly spoofed in all situations?
[1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen [2] https://github.com/ghacksuserjs/TorZillaPrint/issues/34