Mozilla plans to add a new anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year.
Called “letterboxing,” this new technique adds “gray spaces” to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.
Advertising networks often sniff certain browser features, such as the window size, to create user profiles and track users as they resize their browser and move across new URLs and browser tabs.
The general idea is that “letterboxing” will mask the window’s real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation (generating the same window dimensions for all users) and then adding a “gray space” at the top, bottom, left, or right of the current page.
The advertising code, which listens to window resize events, then reads the generic dimensions and sends the data to its server; only afterward does Firefox remove the “gray spaces,” using a smooth animation a few milliseconds later.
In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions.
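The rounding described above, as an added example that is not Firefox or Tor Browser code: it assumes dimensions are rounded down to multiples of 200px and 100px, and it uses constructed window sizes to show how distinct real sizes collapse into a few shared values. The function and constant names are hypothetical.

```javascript
// Added illustration; not Firefox or Tor Browser source code.
// Assumption: dimensions are rounded DOWN to the step sizes the article gives.
const WIDTH_STEP = 200;
const HEIGHT_STEP = 100;

// Returns the viewport size a page script would read, plus the gray margins
// that fill the rest of the real window.
function letterbox(innerWidth, innerHeight) {
  const width = Math.floor(innerWidth / WIDTH_STEP) * WIDTH_STEP;
  const height = Math.floor(innerHeight / HEIGHT_STEP) * HEIGHT_STEP;
  return {
    width,
    height,
    marginX: innerWidth - width,   // total gray space, left + right
    marginY: innerHeight - height, // total gray space, top + bottom
  };
}

// Counts how many distinct size values a script could observe across a set
// of windows, without letterboxing (raw) and with it (boxed).
function distinctSizes(windows) {
  const raw = new Set();
  const boxed = new Set();
  for (const [w, h] of windows) {
    raw.add(`${w}x${h}`);
    const b = letterbox(w, h);
    boxed.add(`${b.width}x${b.height}`);
  }
  return { raw: raw.size, boxed: boxed.size };
}

// Constructed sample: real content-area sizes for six hypothetical users.
const SAMPLE_WINDOWS = [
  [1366, 657], [1280, 671], [1349, 625],
  [1920, 969], [1903, 937], [1536, 722],
];

for (const [w, h] of SAMPLE_WINDOWS) {
  const b = letterbox(w, h);
  console.log(
    `${w}x${h} -> ${b.width}x${b.height} ` +
    `(gray: ${b.marginX}px wide, ${b.marginY}px tall)`
  );
}
console.log(distinctSizes(SAMPLE_WINDOWS));
```

Six distinct real sizes reduce to three reported sizes in this sample, which is the loss of identifying detail the technique relies on.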
Letterboxing isn’t a new technique. Mozilla is actually integrating a feature that was originally developed for the Tor Browser four years ago, in January 2015.
A demo of the letterboxing anti-fingerprinting feature is available below, as it was first developed for the Tor Browser:
Letterboxing is currently available in Firefox Nightly and will be generally available for all users with the release of Firefox 67 in May.
The feature isn’t enabled by default, though. Firefox users will first need to visit the about:config page, enter “privacy.resistFingerprinting” in the search box, and toggle the browser’s anti-fingerprinting features to “true.”
Firefox’s letterboxing support doesn’t only work when resizing a browser window; it also works when users maximize the browser window or enter fullscreen mode.
According to a Bugzilla entry, this is how Firefox’s letterboxing protection works in these two states:
When the user maximizes the window, the largest possible viewport is used, again a multiple of 200 x 100. Empty gray margins in the chrome part of the window cover the rest of the screen. Similarly, in fullscreen, the viewport is again given dimensions a multiple of 200 x 100, and the chrome areas around it are set to black.
Finally, an extra zoom was applied to the viewport in fullscreen and maximized modes to use as much of the screen as possible and minimize the size of the empty margins. In that case, the window had a “letterbox” (margins at top and bottom only) or “pillbox” (margins at left and right only) appearance. window.devicePixelRatio was always spoofed to 1.0 even when device pixels != CSS pixels.
The only thing that’s missing in Firefox’s letterboxing support is the warning that the Tor Browser shows users when they maximize their window.
Firefox’s upcoming letterboxing feature is part of a larger project that started in 2016, called Tor Uplift.
As part of Tor Uplift, Mozilla developers have been slowly porting privacy-hardening features developed originally for the Tor Browser and integrating them into Firefox.
For example, in Firefox 48, Mozilla integrated a list of known user fingerprinting domains that the Tor Project was maintaining to block inside the Tor Browser. That list later morphed and was upgraded into the Enhanced Tracking Protection feature that Mozilla later shipped in Firefox 63.
In Firefox 52, Mozilla added a second Tor Browser anti-fingerprinting technique that prevented websites from identifying users based on their operating system fonts.
The Tor Uplift process later continued in Firefox 55 when Mozilla added a Tor Browser feature known as First-Party Isolation (FPI), which worked by separating cookies on a per-domain basis, preventing ad trackers from using cookies to track users across the Internet. This feature is now at the heart of Project Fission and will morph into a Chrome-like “site isolation” feature for Firefox.
Three releases later, in Firefox 58, Mozilla engineers integrated another Tor Browser anti-fingerprinting technique that prevented websites from tracking users via the HTML5 canvas element.
Upcoming Tor Uplift plans include Mozilla engineers adding support in Firefox for blocking sites from fingerprinting users via VP8 and VP9 codecs, via the AudioContext API, and support for preventing Firefox from loading user details (username, emails, real names) into the operating system RAM.