Firstly, this does not change the fact that this feature does have
Privacy implications. This is the second 'Intent to Implement' I have
replied to in the past two months that said "No Security or Privacy
Implications" when there are in fact. This trend is disturbing.
Besides that - the goal of anti-fingerprinting is not to make all
users uniform, but rather to make it harder and harder to single
individual users out. The more features we provide about users'
configuration details (like mouse pointer size, type, functionality),
the easier it is to single them out. For private browsing modes,
ideally there would be a mapping or abstraction mechanism that covers
a common denominator.
I'm not sure how much review this feature has had. In (my) ideal
world, I think when we add a feature like this, the first question we
would ask is "Why is this detailed information needed in the first
place?" and if we have a compelling answer, we would follow it up with
"Why can't we make this optional, so that it's either not exposed in
privacy preserving modes or is only exposed in ways that represent
user intention to release it?" Perhaps these questions were already
considered. But if no one thought this information was related to
Privacy to begin with, my assumption is that they were not given
serious weight.
Finally, Mozilla _is_ actively working on making users less
fingerprintable. We're devoting resources to integrating
anti-fingerprinting patches
(
https://wiki.mozilla.org/Security/Fingerprinting), which is the
groundwork needed to expose the functionality to users (beyond
individual pref flags). Obviously this is tricky - it's hard to put
smoke back into bags once it's bet let out and relied upon all over
the web (which is why it's so important to adequately consider things
in Intent to X threads.). We're exploring options for this in
https://bugzilla.mozilla.org/show_bug.cgi?id=1308340 but some ideas
have been integrating with Private Browsing Mode and/or Tracking
Protection. Of course this presumes adequate research to measure
breakage, etc etc - but my point is - we're not ignoring this problem
and we do in fact care about it.
-tom