(A)broswer and privacy: Don't allow to to maximise window fully

5 respuestas [Último envío]
GNUbahn
Desconectado/a
se unió: 02/18/2016

When using the tor browser, on is warned that maximising the window 'can allow websites to determine your monitor size, which can be used to track you' and one is further advised to leave the 'browser windows in their original default size'.

I suppose that when most people use the same windows size, it is harder for a website to identify your machine.

Since the tor browser does not give you a warning if you enlarge the window from its default size, I suppose that not maximising is perhaps not as good as keeping the default size, but not as bad as revealing your displays maximum size. Is that right? Does the browser reveal if the window size resembles the maximum size of the display?

Would it be possible to make e.g. Abrowser not able to maximise fully but only into e.g maximum screen size minus 3%? And would that help guard the users privacy?

Yeldham
Desconectado/a
se unió: 05/05/2018

Abrowser is just a rebranded Firefox Quantum with some few privacy goodies, its purpose is to be lax in said privacy aspect than, for example, Icecat.

So I think such feature would't fit with its goals.

3n3r6yD
Desconectado/a
se unió: 01/22/2015

You can go to https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html and see what your browser reveals about your screen size.
Probably every browser (with default settings) except tor-browser will reveal your screen size totally independent of your actual browser window size i think.

pengnuin
Desconectado/a
se unió: 08/17/2017

Interesting topic. Thanks for bringing it up, GNUbahn.

IIRC, the Tor Browser does indeed notify the user when resizing the window from the default size it launches at, whether by maximizing or resizing it manually.
This warning stems from the fact that websites can determine the users' browser window resolution. As you correctly stated, if many users are browsing with the same browser window resolution, any website will have less information to use in order to identify the user with.

The goal of keeping the browser at the same size would be to keep e.g. a Tor Browser user in line with other Tor Browser users, thus minimizing the risk of personal identification further. The suggestion you brought up with respect to letting the user resize the browser window up to 3% (or any %, really) would defeat the purpose by causing a deviation of a few pixels from the "default" (under the assumption that the standard browser resolution is fairly common). This would, in fact, make it easier to identify users. The information that a website operator would receive looks similar to the following: 1280x1024x24, with the former two numbers being the X and Y resolution and the latter being the color depth.

Assuming your idea were implemented, the user would end up with something like 1299x1039x32, with other users having slightly deviating resolutions. This would make it trivial to track them across sites more so than a standard browser maximized on a screen with a common resolution (such as 1920x1080 for desktop monitors).

The link posted by 3n3r6yD is rather useful in order to understand it, due to it being interactive.

I hope I didn't bore you too much! I definitely would be for having a fixed browser resolution being an option in Abrowser that could be toggled from the new tab screen, but I am uncertain as to the technical possibility, seeing that the windows are managed by the window manager, which the browser probably shouldn't have direct influence on considering the security implications when (not if) a security exploit were to be found in the web browser.

GNUbahn
Desconectado/a
se unió: 02/18/2016

Thanks for letting me in on these technical aspects.

Tor browser opens in a quite small window, which may (?) be good to cover users with low resolution screens. It would be nice to have a fixed browser resolution which is a bit larger.

Hopefully someone with technical skills to do so sees this. Would it be possible to make and add-on for that?

Hdesmi
Desconectado/a
se unió: 04/11/2015

See also the following issue ticket:

'Abrowser (v50.0.2) does not remember previous window settings'
https://trisquel.info/fr/issues/24058