Letterboxing will help obfuscate browser window identifiers
Mozilla continues to put itself forward as the privacy-conscious browser, with plans to integrate an anti-tracking feature in its upcoming release of Firefox 67.
The new feature will help users obfuscate their online presence through a technique called ‘letterboxing’, developed largely by Tor in 2015.
Letterboxing effectively alters the aspect ratio of a browser window in order to block third-party trackers that may be recording changes in size in order to create a profile based on a user’s searching habits.
“Window dimensions are a big source of fingerprintable entropy on the web,” wrote Arthur Edelstein in a Bugzilla entry over a year ago.
“Maximized windows reveal available screen width and height (excluding toolbars) and fullscreen windows reveal screen width and height. Non-maximized windows can allow strong correlation between two tabs in the same window.”
If a user resizes their browser window, the precise dimensions form a unique fingerprint which can allow a website or third-party ad network to track them.
By adding empty margins to the browser window, letterboxing protects against this type of digital fingerprinting for every new window opened and each time a user resizes the page themselves.
An ad tracker, for instance, will be made to believe that the window dimensions for each page are indiscrete with letterboxing implemented.
The feature is already available in Firefox Nightly, and will notably not be enabled by default with version 67, which is set to be released this May.
“The letterboxing is hidden behind a hidden pref privacy.resistFingerprinting.letterboxing,” wrote engineer Tim Huang in a Bugzilla entry authored in January.
“By default, it will use stepping size 200x100 to round content window. And we can customize the set of dimensions used for deciding the size of the rounded content viewport by the pref privacy.resistFingerprinting.letterboxing.dimensions.
“We will find the dimensions which can fit into the real content size and have the smallest margins to be the rounded content viewport size.”
The move to apply letterboxing reflects a larger Mozilla project aimed at integrating Tor features into Firefox known as Tor Uplift.
Some Tor components that have appeared in Firefox versions already have included blocking canvas fingerprinting (Firefox 58), First-Party Isolation (Firefox 55), and blocking system font fingerprinting (Firefox 52).
Users can test to see if their browser is protected from fingerprinting via the Electronic Frontier Foundation’s Panopticlick tool.