How do we get Mozilla Firefox to protect our privacy by NOT reporting the display size?

[Mike Smith]

How do we get Firefox to protect our privacy by NOT reporting display size?

Something is odd with Firefox that I ask your help in explaining
because I don't like being fingerprinted with every Firefox session.

If I go to eff.panopticlick.org with my Mozilla Firefox for Ubuntu 34.0
the panopticlick web page reports the correct "Screen Size and Color Depth"
of my laptop display.

That's (very) bad, from a fingerprinting standpoint (because it's static).

Yet, if I visit the same site, using the standard Firefox Tor Browser Bundle
FirefoxESR 31.4.0(Tor Browser 4.0.3), that same panopticlick web page only
reports the actual size of the Firefox browser window (and not the display
size).

That's good, from a fingerprinting standpoint (because it can be changed).

My question is what the heck is going on with Firefox?

More to a solution, how do I get the non-Tor Firefox to protect my privacy
by NOT reporting the actual display resolution, but to get it to do what it
does under Tor instead, which is to report the windows size instead?

In summary, the question is:
How do we get Firefox to protect our privacy by NOT reporting display size?

[Caver1]

It takes more then just your display resolution to fingerprint you.

--
Caver1

[Mike Smith]

On Fri, 23 Jan 2015 22:48:12 -0500, Caver1 wrote:

> It takes more then just your display resolution to fingerprint you.

That's wholly irrelevant to the question of how to get Firefox to report
the window size instead of the display size.

One by one, I'm generalizing the dozen or so items that Firefox reports
which can be used to fingerprint us (e.g., system fonts, local storage,
flash cookies, etags, time zone, http headers, etc.).

None of that is relevant to this discussion.

The only topic for this discussion is how the Tor Browser Bundle got
Firefox to report the window size (which changes all the time) and not the
display size (which is, unfortunately, static), and how to get Firefox
to behave similarly.

The question remains...
How do we get Firefox to report the window size & not the display size?

[»Q«]

In
<news:mailman.9125.142206602...@lists.mozilla.org>,

Mike Smith <Mike....@this.is.not.my.real.email.invalid> wrote:

> How do we get Firefox to protect our privacy by NOT reporting display
> size?

> My question is what the heck is going on with Firefox?

Like any modern browser made for general use, it has JavaScript enabled
by default. Enabling JavaScript and avoiding fingerprinting are
mutually incompatible.

Firefox does have security capabilities which allow you to do
what you want, but the UI for them is very difficult for most users.
That said,
<http://www-archive.mozilla.org/projects/security/components/ConfigPolicy.html>
has details about how to deny, and what you want to deny in this case
is access to all the properties of the window.screen object.

> if I visit the same site, using the standard Firefox Tor Browser

I don't know, but the Tor developers may have used CAPS (linked above)
to deny access; if so, you should be able to find the relevant entries
in Tor's prefs.js file and copy them to Firefox's prefs.js. If you
edit any such files, make backups first; a single syntax problem can
break the browser.

[Poutnik]

Dne 1/24/2015 v 3:19 AM Mike Smith napsal(a):

> How do we get Firefox to protect our privacy by NOT reporting display size?
>
> Something is odd with Firefox that I ask your help in explaining
> because I don't like being fingerprinted with every Firefox session.
>
> If I go to eff.panopticlick.org with my Mozilla Firefox for Ubuntu 34.0
> the panopticlick web page reports the correct "Screen Size and Color Depth"
> of my laptop display.
>
> That's (very) bad, from a fingerprinting standpoint (because it's static).

Privacy concerns are OK in general,
but good things brought to extremes become bad.

At this level, it reaches paranoia.

There are much easier ways to identify you than via screen size.

--
Poutnik

[Wayne]

On 1/23/2015 9:19 PM, Mike Smith wrote:
> ...

>
> In summary, the question is:
> How do we get Firefox to protect our privacy by NOT reporting display size?
>

Try installing the "Secret Agent" addon. It randomizes all the
normal fingerprinting data from hundreds of phony systems, for
every request. I like it, even though I sometimes have to reload
before some page will display. (You can also white-list some
sites, so the real data gets reported.)

--
Wayne

[PietB]

Mike Smith wrote:
> If I go to eff.panopticlick.org

That's a bad idea: it's commercial shit.
You should go to panopticlick.eff.org

-p

[Desiree]

No, it doesn't. Panopticlick reports my monitor incorrectly and reports
that it is totally unique. I emailed them about it and never got a
reply. So, it only takes one item to fingerprint you.

[Caver1]

If you really want to see what your browser is revealing about you go to
browserspy.dk.
Panopticlick is weak.
It does take more than just the monitor display to fingerprint you.

--
Caver1

[Chris Ilias]

On 2015-01-23 9:19 PM, Mike Smith wrote:
> How do we get Firefox to protect our privacy by NOT reporting display size?

Mike/Jim/Pehruz/Algor

You never answered my previous request that you email me with a valid
return address explaining why you've been posting with multiple identities.
<https://groups.google.com/d/msg/mozilla.support.firefox/QEh0pIcd724/pRa8MeoKxA0J>

--
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator

[EE]

It is more likely the plugins that you have enabled that can identify
you. After I removed one plugin and disabled another one, I went from
one in 5 million or so down to one in a bit over 350,000.

[WaltS48]

On 01/23/2015 09:19 PM, Mike Smith wrote:

Variable: Screen resolution
Source: JavaScript AJAX post

REF:
[browser-uniqueness.pdf](https://panopticlick.eff.org/browser-uniqueness.pdf)

So it looks like you have to turn off JavaScript.

--
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

[kes]

On 24/01/2015 14:34, Caver1 wrote:
> On 01/24/2015 05:46 AM, Desiree wrote:
>> On 1/23/2015 5:48 PM, Caver1 wrote:
>>> On 01/23/2015 09:19 PM, Mike Smith wrote:

>>>> In summary, the question is:
>>>> How do we get Firefox to protect our privacy by NOT reporting
>>>> display size?
>>>>
>>>
>>> It takes more then just your display resolution to fingerprint you.
>>>
>> No, it doesn't. Panopticlick reports my monitor incorrectly and reports
>> that it is totally unique. I emailed them about it and never got a
>> reply. So, it only takes one item to fingerprint you.
>>
>

> Panopticlick is weak.
> It does take more than just the monitor display to fingerprint you.
>

You should have added - "it only takes monitor display size to
fingerprint you if you are stupid enough to email them to complain about
the error."

I am on Pale Moon (FF clone) and I get no feedback when I go to
Panopticlick.org. Should I complain to them :-) ?

[Desiree]

browserspy.dk is a pathetic site and it either can't detect something or
it gets it completely wrong 85% of the time. A LOT of its tests say
please contact the author so we can update to detect...geez. Plus, that
site says my monitor basically doesn't exist as its says unsupported
for almost everything except screen size which it gets completely
wrong....that worse than what Panopticlick says. Also, browserspy does
NOT tell me if any of the very few things it can detect correctly make
me unique. THAT is what I am interested in and what Panopticlick can
do. Panopticlick is NOT weak. It is a far more useful site than
browserspy.

If the ONLY thing that makes you unique is your incorrectly detected
monitor then, of course, you can be fingerprinted.

[Desiree]

Pale Moon 25.2.0 (x64) is my default browser. I have no problems at
Panopticlick with Pale Moon and never have. You must be blocking the
test with some setting or extension.

I trust EFF. Sorry that you think they are spying on you. I admire EFF
so I see zero problem with emailing a foundation that I admire and agree
with it purposes.

[Desiree]

You are not hiding your plugins? Mine are hidden in Fx by the extension
Hide Plugin and Mimetype Identifiers. No plugins detected by
Panopticlick. You have to remember you have this extension though
because some sites don't work properly if they can't detect your
plugins. The extension doesn't yet have the ability to whitelist sites
so until it does you have to disable the extension briefly if you visit
a site that needs to be able to detect your plugins in order to function
correctly.

[Caver1]

Who cares if you're unique. Panopticlick always shows me that I am the
most unique amongst all of the 4,000,000+ browsers that they have
scanned and what they show as my browser and operating system is always
wrong and different each time. and all everything else is not detected.
I ignore the tests at browserspy that either show nothing or ask to
contact the author which are very few. Some are Windows specific so
they won't show anything for me. Everything else is correct screen size
and all.

--
Caver1

[Mark Lloyd]

On 01/27/2015 05:48 AM, Desiree wrote:

[snip]

> browserspy.dk is a pathetic site and it either can't detect something or
> it gets it completely wrong 85% of the time.

It says I'm using a mobile device with the "Novarra" brand name,
something I've never heard of.

BTW, what I'm actually using is Firefox 35 under the latest Lubuntu, on
a Lenovo Yoga 2 11 laptop, connected through an Asus RT-N16 router
running DD-WRT, on Suddenlink home internet (cable). As far as I know,
none of that has anything to do with "Novarra".

[snip]

--
Mark Lloyd
http://notstupid.us

"Over and above that we let them get rich on our sweat and blood, while
we remain poor and they such the marrow from our bones. [Martin
Luther,"On the Jews and Their Lies",1543]

[Caver1]

On 01/27/2015 02:32 PM, Mark Lloyd wrote:
> On 01/27/2015 05:48 AM, Desiree wrote:
>
> [snip]
>
>> browserspy.dk is a pathetic site and it either can't detect something or
>> it gets it completely wrong 85% of the time.
>
> It says I'm using a mobile device with the "Novarra" brand name,
> something I've never heard of.
>
> BTW, what I'm actually using is Firefox 35 under the latest Lubuntu, on
> a Lenovo Yoga 2 11 laptop, connected through an Asus RT-N16 router
> running DD-WRT, on Suddenlink home internet (cable). As far as I know,
> none of that has anything to do with "Novarra".
>
> [snip]
>

Always shows my browser as what my useragent is showing.

--
Caver1

[Caver1]

On 01/27/2015 02:32 PM, Mark Lloyd wrote:

> On 01/27/2015 05:48 AM, Desiree wrote:
>
> [snip]
>
>> browserspy.dk is a pathetic site and it either can't detect something or
>> it gets it completely wrong 85% of the time.
>
> It says I'm using a mobile device with the "Novarra" brand name,
> something I've never heard of.
>
> BTW, what I'm actually using is Firefox 35 under the latest Lubuntu, on
> a Lenovo Yoga 2 11 laptop, connected through an Asus RT-N16 router
> running DD-WRT, on Suddenlink home internet (cable). As far as I know,
> none of that has anything to do with "Novarra".
>
> [snip]
>

Novarra was bought by Nokia who evidently used it's programming on their
phones.

--
Caver1