MozillaWiki

Security/Fingerprinting

< Security
Revision as of 06:40, 13 June 2017 by Ethantseng (talk | contribs) (Adjust the dashboard query)

Cross-Origin Fingerprinting Unlinkability

The anti-fingerprinting project is part of the Tor Uplift project.
Its goal is to build up the same level of fingerprinting resistance as the Tor Browser in Firefox.
Refer to the design and implementation document of the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

Bug Tracking

All fingerprinting bugs are being tracked under the meta bug:
bug 1329996 - [META] Support anti-fingerprinting protection

Priority Definition

  • P1: MVP (Minimum Viable Product)
  • P2: Nice to Have
  • P3: Backlog
  • Any bug which is marked as [fp:m1-3] in the Whiteboard is also MVP, regardless of its Priority

Whiteboard Definition

  • [fingerprinting]: Indicate this is a fingerprinting bug
  • [fp:m1]: Target milestone is M1 (2017-06-12 Firefox 55)
  • [fp:m2]: Target milestone is M2 (2017-08-07 Firefox 56)
  • [fp:m3]: Target milestone is M3 (2017-09-25 Firefox 57)
  • [fp:backlog]: Backlog bugs

Dashboard

MVP: M1 Bugs List (2017-06-12 Firefox 55)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1345322 Create the preference privacy.resistFingerprinting in firefox.js RESOLVED Firefox Settings UI Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true RESOLVED Core DOM: Core & HTML Chris Peterson [:cpeterson] 1217238 [tor 21675][fingerprinting][fp:m1]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) RESOLVED Core JavaScript: Standard Library Jonathan Hao (inactive) [:jhao] 1430975, 1437266, 1442863 [fingerprinting][tor][fp:m1]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns RESOLVED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] RESOLVED Core General Tom Ritter [:tjr] 1382840, 1385597, 1409973 [fingerprinting][tor 16622][fp:m1][fp-triaged]

5 Total; 0 Open (0%); 5 Resolved (100%); 0 Verified (0%);


MVP: M2 Bugs List (2017-08-07 Firefox 56)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] RESOLVED Core Graphics: Color Management Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1337161 Disable navigator.getGamepads() when privacy.resistFingerprinting = true RESOLVED Core DOM: Device Interfaces Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
1369357 Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true VERIFIED Firefox General Chung-Sheng Fu [:cfu] 1377820 [fingerprinting][tor][fp:m2]
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true RESOLVED Core JavaScript Engine [fingerprinting][tor][fp:m2]
1369327 Making reader view users uniform when 'privacy.resistFingerprinting' is true RESOLVED Toolkit Reader Mode Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m2]
1333641 Disable WebSpeech API when privacy.resistFingerprinting is enabled RESOLVED Core Web Speech Tim Huang[:timhuang] [tor][fingerprinting][fp:m2]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled RESOLVED Core DOM: Security Tim Huang[:timhuang] 1337161, 1369303 [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1369303 Spoof/Disable performance API when 'privacy.resistFingerprinting' is true VERIFIED Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369309 Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true VERIFIED Core Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369319 Disable device sensors when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Device Interfaces Tim Huang[:timhuang] 1390391 [fingerprinting][tor][fp:m2]
1369328 Open popup windows in new tabs when 'privacy.resistFingerprinting' = true RESOLVED Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2][domsecurity-active]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1372072 Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true RESOLVED Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]

13 Total; 0 Open (0%); 10 Resolved (76.92%); 3 Verified (23.08%);


MVP: M3 Bugs List (2017-09-25 Firefox 57)

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
1383495 Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled RESOLVED Core DOM: Security Ethan Tseng [:ethan] 1472618 [tor][fingerprinting][fp:m3][domsecurity-active]
863246 resource:// URIs leak information (Tor 8725) VERIFIED Core Security Chung-Sheng Fu [:cfu] 1395286, 1395486, 1433715 [tor][fingerprinting][fp:m3]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) RESOLVED Core Graphics: Canvas2D Chung-Sheng Fu [:cfu] 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 [tor][fingerprinting][fp:m3][ux]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting RESOLVED Firefox Settings UI Chung-Sheng Fu [:cfu] 1515001 [tor][fingerprinting][fp:m3][ux]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) RESOLVED Core Graphics: CanvasWebGL Chung-Sheng Fu [:cfu] [tor][tor-standalone][fingerprinting][fp:m3]
1354633 blank MediaError.message when resisting fingerprinting RESOLVED Core Audio/Video: Playback Chung-Sheng Fu [:cfu] [tor 21792][fingerprinting][fp:m3]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true RESOLVED Core WebRTC: Audio/Video Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m3]
1382499 Touch API leaks absolute screen coordinates RESOLVED Core DOM: Events Chung-Sheng Fu [:cfu] [tor 10286][fingerprinting][fp:m3]
1382533 When resisting fingerprinting, don't expose local IP Addresses via mDNS RESOLVED Core DOM: Core & HTML Chung-Sheng Fu [:cfu] [tor 22165][fingerprinting][fp:m3]
1330892 <isindex> leaks user locale RESOLVED Core DOM: HTML Parser 1266495 [fingerprinting][tor][fp:m3]
1222285 Keyboard layout is leaked by KeyboardEvent RESOLVED Core DOM: UI Events & Focus Handling Tim Huang[:timhuang] 1439784, 1433592, 1438795, 1470828 [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged]
1382545 Animation API exposes high-res time stamp RESOLVED Core DOM: Animation Tim Huang[:timhuang] 1217238 [tor 16337][fingerprinting][fp:m3]
1384330 Don't expose window.navigator.mozAddonManager data when privacy.resistFingerprinting=true VERIFIED Toolkit Add-ons Manager Tim Huang[:timhuang] [tor 21684][fingerprinting][fp:m3]

13 Total; 0 Open (0%); 11 Resolved (84.62%); 2 Verified (15.38%);


MVP: Bugs To Be Triaged

The following bugs are MVP bugs which are not specified priority yet.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Fingerprinting P2 Bugs List

Full Query
ID Summary Status Product Component Assigned to Depends on Whiteboard
467035 <!DOCTYPE> ignores contentaccessible, leaks DTD strings and therefore browser UI locale RESOLVED Core XML Alex Catarineu (Tor Browser dev) 1228117 [sg:low][fingerprinting][fp-triaged][tor 30304][adv-main70-]
1396468 Spoof navigator.oscpu as 'Windows NT 6.1; Win64; x64' when resisting fingerprinting is enabled RESOLVED Core DOM: Security Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1393283 privacy.resistFingerprinting should change the user agent to 52, not 50 RESOLVED Core DOM: Security Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1433592 Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled VERIFIED Core DOM: UI Events & Focus Handling Arthur Edelstein [:arthur] [fingerprinting-breakage][tor 17009]
1354633 blank MediaError.message when resisting fingerprinting RESOLVED Core Audio/Video: Playback Chung-Sheng Fu [:cfu] [tor 21792][fingerprinting][fp:m3]
1382533 When resisting fingerprinting, don't expose local IP Addresses via mDNS RESOLVED Core DOM: Core & HTML Chung-Sheng Fu [:cfu] [tor 22165][fingerprinting][fp:m3]
1511763 privacy.resistFingerprinting: Fix calculation of spoofed ESR version for ESR >= 68.0 RESOLVED Core DOM: Security Chris Peterson [:cpeterson] [domsecurity-active][fp-triaged]
1511434 privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14 RESOLVED Core DOM: Security Chris Peterson [:cpeterson] [tor][fingerprinting][domsecurity-active][fp-triaged]
1408702 Resist fingerprinting causes scrollbar glitch in Firefox 58 RESOLVED Core Layout Emilio Cobos Álvarez (:emilio) [tor][fingerprinting-breakage]
1436226 Hardcode VP8/VP9 algorithm choice when resisting fingerprinting RESOLVED Core Audio/Video: Playback Fatih Kilic [:fkilic] [tor 22548] [fingerprinting][fp-triaged]
1876636 With privacy.resistFingerprinting track.label & track.getSettings().deviceId differ from enumerateDevices() RESOLVED Core WebRTC: Audio/Video Jan-Ivar Bruaroey [:jib] (needinfo? me)
1948457 Window rounding fingerprinting protection no longer works with vertical tabs enabled, all windows created maximized NEW Firefox Sidebar [fidefe-sidebar]
1485249 WebGL extensions should be disabled when private.resistFingerprinting is enabled NEW Core Graphics: CanvasWebGL [tor 6370][gfx-noted][fingerprinting][fp-triaged]
1690038 Scrollbar is enabled and disabled based on a setting in macOS system preferences RESOLVED Core DOM: Security [fingerprinting][tor 22632]
1397996 scrollbar thickness reveals platform NEW Core DOM: Core & HTML [tor][fingerprinting][fp-triaged][tor 22137]
1519122 In RFP Mode, spoof the modifier state "Meta" in OSX into a "Ctrl" state in keyboard events. RESOLVED Core DOM: UI Events & Focus Handling 1404608, 1405810 [tor][fingerprinting]
1414311 New window size is different than expected after changing screen dpi (with privacy.resistFingerprinting pref enabled) NEW Core Privacy: Anti-Tracking [fingerprinting][fp-triaged][tor 30970]
1041818 take steps to mitigate canvas fingerprinting NEW Core Graphics 665630, 1502831, 1647906 [fingerprinting][tor][fp-triaged]
1470828 privacy.resistFingerprinting breaks some shortcut keys RESOLVED Core DOM: UI Events & Focus Handling [fingerprinting][fp-triaged]
1456378 privacy.resistFingerprinting breaks image cropping in Expensify RESOLVED Core DOM: Security [domsecurity-backlog1][fingerprinting][fp-triaged]
1564422 Change `outputLatency` and `getOutputTimestamp` when `resistFingerPrinting` is enabled RESOLVED Core Web Audio Paul Adenot (:padenot)
1290481 Implement mitigations for opaque response storage in the DOM cache RESOLVED Core DOM: Core & HTML Tom Tung [:tt, :ttung] 1468434, 1367309, 1398043, 1398231, 1402581 [storage-v1][fingerprinting][adv-main57-]
1384330 Don't expose window.navigator.mozAddonManager data when privacy.resistFingerprinting=true VERIFIED Toolkit Add-ons Manager Tim Huang[:timhuang] [tor 21684][fingerprinting][fp:m3]
1460145 privacy.resistfingerprinting breaks the square selection on the HOT Tasking Manager RESOLVED Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1468957 privacy.resistFingerprinting set to true breaks https://www.google.com/streetview/ RESOLVED Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1446472 privacy.resistFingerprinting is true blocks QR code (canvas) on web.whatsapp.com without any notice RESOLVED Core Graphics: Canvas2D Tim Huang[:timhuang] [fingerprinting] [gfx-noted][fp-triaged]
1492766 Fingerprinting protection for pointerEvent.pointerid RESOLVED Core DOM: Events Tim Huang[:timhuang] [fingerprinting][fp-triaged]
1382545 Animation API exposes high-res time stamp RESOLVED Core DOM: Animation Tim Huang[:timhuang] 1217238 [tor 16337][fingerprinting][fp:m3]
680300 Restrict discoverability of protocol handlers [Tor 1623] RESOLVED Core Networking Tim Huang[:timhuang] 1514834 [fingerprinting][probing][necko-backlog][tor]
1461454 Support Resist Fingerprinting in canPlayType and Media Capabilities APIs RESOLVED Core Audio/Video: Playback Tom Ritter [:tjr] [tor 13543][fingerprinting][fp-triaged]
1393662 Making IsResistFingerprintingEnabled() checks in nsRFPService::ReduceTimePrecisionAs* inline and changing the name of nsRFPService::ReduceTimePrecisionAs* into MaybeReduceTimePrecisionAs* RESOLVED Core DOM: Security Tom Ritter [:tjr] [fingerprinting][tor][domsecurity-backlog][fp:m4]
1337157 privacy.resistFingerprinting should disable WEBGL_debug_renderer_info RESOLVED Core Graphics: CanvasWebGL Tom Ritter [:tjr] 1171228 gfx-noted, [tor][fingerprinting]
1376865 Do not display Canvas Prompt unless triggered by user input VERIFIED Core Graphics: Canvas2D Tom Ritter [:tjr] 967895 [tor][fingerprinting][gfx-noted][fp:m4]
1407366 When privacy.resistFingerprinting=true, dynamically round content dimensions RESOLVED Core Window Management Tom Ritter [:tjr] 1594455, 1790988, 1489493, 1595394, 1620347, 1640548, 1744439, 1788839 [fingerprinting][fp-triaged][tor 14429]
1621433 In RFP mode, turn the all-white canvas into a fully random 'poison pill' RESOLVED Core DOM: Security Tom Ritter [:tjr] [fingerprinting][domsecurity-active]
1397757 Need "Learn More" page for HTML5 Canvas warning of fingerprinting resistance VERIFIED Firefox Page Info Window Tom Ritter [:tjr] [tor][fingerprinting][fp-triaged]
1693861 Collect Telemetry for how many users have enabled RFP RESOLVED Core DOM: Security Tom Ritter [:tjr] [domsecurity-active]
1447592 Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false RESOLVED Firefox Security Tom Ritter [:tjr] [fingerprinting-breakage]
1827576 RFP Math sin/cos/tan spoofing missing for asm.js RESOLVED Core JavaScript: WebAssembly Tom Schuster (MoCo) 531915, 1823880
1485266 When privacy.resistFingerprinting = true, use stand-ins for native colors RESOLVED Core Graphics: Color Management Gary Chen [:xeonchen] [tor][gfx-noted][fingerprinting][fp-triaged]
1486258 Regression tests to check that new Intl APIs respect privacy.spoof_english RESOLVED Core JavaScript: Internationalization API Gary Chen [:xeonchen] [tor 26611][fingerprinting][fp-triaged]
1492587 Ensure the date picker does not leak user locale when "privacy.spoof_english" == 2 RESOLVED Toolkit UI Widgets Gary Chen [:xeonchen] [tor 21787][fingerprinting][fp-triaged]
1560574 ftp:// on Windows can be used to leak the system time zone (Tor 30800) RESOLVED Core Graveyard Networking: FTP Gary Chen [:xeonchen] 1564434 [fingerprinting][tor 30800] [necko-triaged]

43 Total; 5 Open (11.63%); 34 Resolved (79.07%); 4 Verified (9.3%);


Fingerprinting P3-P5 Bugs List

Full Query
ID Summary Status Priority Product Component Assigned to Depends on Whiteboard
1561322 UI locale is detectable by button width RESOLVED -- Firefox Untriaged Alex Catarineu (Tor Browser dev) [tor 24056]
1581537 Browser UI locale is leaked in several ways RESOLVED P3 Core DOM: Core & HTML Alex Catarineu (Tor Browser dev) [tor 30683][fingerprinting]
1383495 Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled RESOLVED P3 Core DOM: Security Ethan Tseng [:ethan] 1472618 [tor][fingerprinting][fp:m3][domsecurity-active]
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) RESOLVED P3 Core Graphics: Text Arthur Edelstein [:arthur] 1306715, 1426544, 1458364 [gfx-noted] [tor][fingerprinting]
1308340 checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) RESOLVED -- Firefox Settings UI Arthur Edelstein [:arthur] [tor][fingerprinting][fp-backlog][fp-triaged]
267645 Page can obtain path to Mozilla installation or possibly profile by examining JavaScript exceptions RESOLVED P3 Core Security Boris Zbarsky [:bzbarsky] 268370, 503228 [sg:want] stepping-stone [fingerprinting][fp-triaged][adv-main75-]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true RESOLVED P3 Core WebRTC: Audio/Video Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m3]
1382499 Touch API leaks absolute screen coordinates RESOLVED P3 Core DOM: Events Chung-Sheng Fu [:cfu] [tor 10286][fingerprinting][fp:m3]
583181 Don't reveal navigator.buildID to every site on the web RESOLVED P3 Core DOM: Core & HTML Chris Peterson [:cpeterson] 966030, 1216225, 1493490 [fingerprinting]
1635011 resistFingerprinting: Bump spoofed OS versions to macOS 10.15 and Android 9 RESOLVED P3 Core DOM: Security Chris Peterson [:cpeterson] 1511434 [domsecurity-active]
1680365 RFP userAgent/header on Android doesn't follow Fenix naming convention RESOLVED P3 Core DOM: Security Chris Peterson [:cpeterson] [domsecurity-backlog1]
1711179 resistFingerprinting: Bump spoofed Android OS version to 10 RESOLVED P3 Core DOM: Security Chris Peterson [:cpeterson] 1635011 [domsecurity-active]
1832598 Smooth scrolls are disabled if the user prefers-reduced-motion regardless of fingerprint resistance RESOLVED -- Core Layout: Scrolling and Overflow Dan Robertson (:dlrobertson)
1390465 disable or limit WebVTT with privacy.resistFingerprinting RESOLVED P3 Core Audio/Video: Playback Fatih Kilic [:fkilic] [tor][fingerprinting][fp-triaged]
1422862 Make OffscreenCanvas respect Canvas Permission Prompt so you don't always get a placeholder ASSIGNED P3 Core Graphics: Canvas2D Fatih Kilic [:fkilic] 967895 [fingerprinting][gfx-noted][fp-triaged][fpp:m8]
1507280 Ensure the reporting URI respects Resist Fingerprinting wrt locale RESOLVED P3 Core DOM: Security Fatih Kilic [:fkilic] 1492036 [fingerprinting][fp-triaged][domsecurity-backlog]
1781277 Do not base storage estimate on user's disk when RFP is enabled ASSIGNED -- Core Storage: Quota Manager Fatih Kilic [:fkilic] 1735713
1832845 Remove the pref `autoDeclineNoUserInputCanvasPrompts` RESOLVED -- Core Privacy: Anti-Tracking Fatih Kilic [:fkilic] 1832681
1834307 Smooth scrolls are disabled if the user prefers-reduced-motion regardless of fingerprint resistance VERIFIED P3 Core Layout: Scrolling and Overflow Fatih Kilic [:fkilic] 1832598
1871789 RFPTarget PointerEvents leaks mozPressure + mozInputSource RESOLVED -- Core DOM: Events Fatih Kilic [:fkilic]
1891690 EXSLT leaks timezones also when RFP is enabled RESOLVED -- Core XSLT Fatih Kilic [:fkilic]
1899736 Can not use 2nd webcam at webcamtests.com with privacy.resistFingerprinting enabled RESOLVED -- Firefox for Android Media Fatih Kilic [:fkilic] 1900402
1914839 Port resist fingerprinting logic from MediaCapabilities decode side to the encode side ASSIGNED -- Core Audio/Video: Recording Fatih Kilic [:fkilic]
1924087 SVG Switch Element leaks language even with spoof language RESOLVED P3 Core Privacy: Anti-Tracking Fatih Kilic [:fkilic]
1944211 RFPTarget PointerEvents mozPressure not compat RESOLVED -- Core DOM: Events Fatih Kilic [:fkilic]
1222924 Stop exposing the moz-icon URL scheme to the web RESOLVED P3 Core Graphics: ImageLib :Gijs (he/him) [gfx-noted][fingerprinting][fp:m4][adv-main59-]
1478158 Guard prefers-reduced-motion by Resist Fingerprinting pref RESOLVED P3 Core CSS Parsing and Computation Hiroyuki Ikezoe (:hiro) 1479230, 1479239 [fingerprinting]
1459089 Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers RESOLVED -- Firefox for Android Graveyard General Igor Oliveira [fingerprinting]
1538130 privacy.resistFingerprinting should not create windows with rounded dimensions when letterboxing is enabled RESOLVED P5 Core Window Management Kestrel 1407366 [fingerprinting][tor]
654550 Preference to disable video statistics RESOLVED -- Core Audio/Video leonard.beck [tor] [fingerprinting]
1673237 ignore svg.disabled=false in about pages RESOLVED -- Core SVG sanketh [tor 27002]
1601040 Add UI for modifying resistFingerprinting prefs when privacy.resistFingerprinting is enabled RESOLVED -- Firefox Settings UI morgan (Tor Project) [tor 32325][fingerprinting]
572650 [meta] Reduce the amount of data and entropy sent out in HTTP requests NEW P5 Core Networking: HTTP 566434, 736373, 1556223, 1609304, 414057, 527886, 572652, 572656, 572659, 572661, 572665, 572667, 572668, 581008, 581783, 582421, 583181, 584683, 586165, 588909, 588913, 591537, 591573, 630357, 643352, 648186, 669814, 697383, 728582, 728585, 728831, 728888, 728894, 728952, 729089, 757726, 765048, 793978, 799899, 817450, 1054739, 1090433, 1313580, 1861847, 1873273 [fingerprinting][necko-would-take][fp-triaged]
732096 Add a preference to prevent local font enumeration RESOLVED P3 Core Layout 1121643 [fingerprinting][tor][tor-standalone]
779197 Use a protocol not accessible from content RESOLVED P3 Add-on SDK Graveyard General 820213, 852297 [fingerprinting]
811582 window JS object provides a large amount of identifiable information RESOLVED -- Core DOM: Core & HTML [fingerprinting][fp-triaged]
903959 custom resource://foo/ allows fingerprinting addons RESOLVED -- Core Security [fingerprinting]
1077986 offline storage permission setting not working correctly RESOLVED -- Firefox Settings UI [tor][fingerprinting]
1216800 some chrome code may be incorrectly receiving spoofed devicePixelRatio RESOLVED -- Core DOM: Core & HTML [fingerprinting]
1233691 Redesign mediaDevices.enumerateDevices() API RESOLVED -- Core WebRTC
1314448 Create a build target that adds --disable-webrtc to the mozconfig RESOLVED P3 Release Engineering General [tor][tor-testing][fingerprinting]
1315203 XSHM: Cross Site History Manipulation (information leakage) NEW P3 Core DOM: Navigation 1436489 [fingerprinting][fp-triaged]
1320465 Favicon is added to bookmark in Private Browsing mode VERIFIED -- Firefox Private Browsing
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] REOPENED P3 Core XUL 1475973, 1600044, 1352141, 1352305, 1353894, 1355717, 1364398, 1401440, 1418537 [fingerprinting][tor][fp-triaged]
1364261 Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true RESOLVED P3 Core Privacy: Anti-Tracking 1401440 [tor][fingerprinting-breakage][fp-backlog][fp-triaged]
1392844 Ensure that Stylo respects privacy.resistFingerprinting RESOLVED P3 Core Layout [tor][fingerprinting][stylo][fp-backlog]
1394735 Enabling privacy.resistFingerprinting causes jank in jquery scrolling RESOLVED -- Core Layout 1424341 [fingerprinting][fp-triaged]
1398303 Local Storage not cleared by Clear Recent History VERIFIED -- Core DOM: Core & HTML [tor][fingerprinting]
1399279 initial viewport too small for fullscreen WebApps with privacy.resistFingerprinting enabled RESOLVED P5 Firefox for Android Graveyard Web Apps (PWAs) [fingerprinting][fp-triaged][tor-mobile]
1400582 Deleting all history still leaves some traces that can be used to precisely track individual users. RESOLVED P3 Core Storage: IndexedDB [tor][fingerprinting]
1401493 Perform Fingerprint Comparison of Tor Browser and Firefox NEW P3 Firefox Settings UI 1403813, 1403876, 1413707, 1413837, 1413842, 1414001, 1414153, 1428331 [tor][fingerprinting][fp-triaged]
1403099 game in http://www.best.io/paper-io has very bad performance due to anti-fingerprinting setting (needs higher resolution timer) RESOLVED P5 Core DOM: Security 1424341 [domsecurity-backlog][fingerprinting][fp-triaged]
1403747 When privacy.resistFingerprinting is true, warn users not to maximize their window NEW P5 Core Window Management [tor][fingerprinting][fp-triaged]
1405842 Devices returned from enumerateDevices have the same deviceId across originattributes RESOLVED -- Core WebRTC: Audio/Video [usercontextId][tor]
1409809 Constantly remind people about privacy.resistFingerprinting RESOLVED -- Firefox Security [fingerprinting-breakage]
1409974 KeyboardEvent.location could be used as a user behavior fingerprinting vector. NEW P3 Core DOM: UI Events & Focus Handling [fingerprinting][fp-triaged]
1418537 Bad window height set when bookmarks toolbar is open with resistfingerprinting option RESOLVED P3 Core Window Management [fingerprinting][fp-triaged][tor 27845]
1420234 The privacy.resistFingerprinting flag interferes with the JS Date object RESOLVED -- Core JavaScript Engine [fingerprinting]
1422482 OS username disclosure using downloads manager NEW P3 Firefox Downloads Panel [fingerprinting][tor]
1422890 Add additional Canvas Fingerprinting Tests NEW P3 Core Graphics: Canvas2D [fingerprinting][gfx-noted][fp-triaged]
1425130 Sensor API exposes a High-Res timestamp RESOLVED P3 Core DOM: Security [fingerprinting][domsecurity-backlog1][fp-triaged]
1428331 HiDPI and privacy.resistFingerprinting RESOLVED -- Core Layout 1554751 [fingerprinting][fp-triaged]
1432506 Implement the Canvas Permission Prompt on Fennec RESOLVED P3 Firefox for Android Graveyard General 1413780 [fingerprinting][fp-triaged]
1433815 Ensure EnableOrientationChangeListener respects privacy.resistFingerprinting RESOLVED P3 Core DOM: Core & HTML [tor-mobile][fingerprinting][fp-triaged]
1437266 Navigating back on youtube sometimes fails and restarts the current video with resistFingerprinting enabled RESOLVED P3 Core DOM: Security 1776678, 1803976 [fingerprinting][domsecurity-backlog1][fp-triaged]
1437349 Detect if user install certain software with external protocol RESOLVED -- Core DOM: Security [fingerprinting]
1439784 Fix the KeyboardEvent mochitests NEW P3 Core DOM: UI Events & Focus Handling 1358653, 1438795 [tor][fingerprinting][fp-triaged]
1442863 Smooth scrolling implementations perform badly with resistFingerprinting's reduced timer precision RESOLVED P3 Core DOM: Core & HTML [fingerprinting][fp-triaged]
1450401 mozFullScreen leaks exact screen resolution NEW P3 Core Window Management [fingerprinting][fp-triaged]
1450561 Resist screen elements dimensions fingerprinting RESOLVED P5 Core DOM: Security [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1462115 privacy.resistfingerprinting affects the timezone displayed in native file picker dialogs RESOLVED P3 Core DOM: Security 1491343 [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1466025 enforce DNT header when privacy.resistFingerprinting=true RESOLVED P3 Core DOM: Security [fingerprinting][domsecurity-backlog1][fp-triaged]
1472808 For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale NEW P3 Core DOM: UI Events & Focus Handling [tor][fingerprinting][fp-triaged]
1485258 When privacy.spoof_english is true, don't reveal locale by charset fallback NEW P3 Core DOM: HTML Parser [tor 20025][fingerprinting][fp-triaged]
1485268 When privacy.resistFingerprinting = true, Reader mode shouldn't parse on load RESOLVED -- Toolkit Reader Mode [tor]
1485280 Prevent fingerprinting by SpeechRecognition RESOLVED P3 Core Web Speech [tor][fingerprinting][fp-triaged]
1490728 Improve discoverability/explanation of RFP NEW P3 Core DOM: Security [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1492775 Consider how to do fingerprinting resistance for pointer events for mobile RESOLVED P3 Core DOM: Events 1507495 [fingerprinting][fp-triaged]
1507879 Investigate getClientRects for fingerprinting NEW P3 Core DOM: CSS Object Model 1538718 [tor 29564][fingerprinting][fp-triaged]
1529391 Don't spoof version number in User Agent with privacy.resistFingerprinting enabled RESOLVED P3 Core DOM: Security [fingerprinting][domsecurity-backlog]
1535761 [meta] Remove native theming for content RESOLVED P3 Core Widget 1381938, 1411425, 1615026, 1615028, 1615105, 1615830, 1618260, 1619425, 1620246, 1620297, 1620307, 1620360, 1620362, 1620451, 1620476, 1620479, 1621319, 1621331, 1625716, 1627961, 1638821, 1646558, 1671401, 1671516, 1671703, 1673287, 1674010, 1675132, 1682210, 1682731, 1685010, 1685196, 1685225, 1685962, 1685963, 1686606, 1686613, 1687177, 1687178, 1687202, 1687838, 1687865, 1687881, 1688325, 1688978, 1689094, 1689098, 1689252, 1689286, 1689477, 1689615, 1689848, 1690140, 1690194, 1690842, 1690910, 1690954, 1691064, 1691183, 1692306, 1693591, 1694059, 1695984, 1696378, 1696437, 1696988, 1697053, 1697055, 1697110, 1698284, 1698302, 1698318, 1698336, 1698343, 1698783, 1698969, 1699800, 1699930, 1700794, 1700802, 1702282, 1702755, 1709634, 1764172 [fingerprinting][overhead:noted][fp-triaged] [not-a-fission-bug]
1539503 Ensure CSS device-pixel-ratio (and related) and imgset/srcset obeys Fingerprinting Resistance RESOLVED -- Core CSS Parsing and Computation [fingerprinting][tor]
1542676 Round subpixel accuracy of window properties to integers when resistfingerprinting is enabled NEW P3 Core DOM: Core & HTML [tor 26607][fingerprinting]
1560816 screen size under privacy.resistFingerprinting should return nearest closest common resolution instead of exact window dimensions RESOLVED P3 Core DOM: Security [domsecurity-backlog3]
1586657 Dialog for spoofing the locale in resist-fingerprinting-mode contains non-localized buttons RESOLVED P3 Core Internationalization [tor 31980]
1607027 css @media device-pixel-ratio and RFP RESOLVED -- Core CSS Parsing and Computation
1615419 Panopticlick says browser has a unique fingerprint even with privacy.resistFingerprinting = true and Content Blocking: Strict RESOLVED -- Core Privacy: Anti-Tracking
1615483 hide VR devices when privacy.resistFingerprinting = true RESOLVED -- Core WebVR [fingerprinting]
1621988 Some Google Docs Shortcuts still don't work under Resist Fingerprinting RESOLVED P3 Core DOM: Security [tor][fingerprinting][domsecurity-backlog1]
1625771 privacy.resistFingerprinting: Fix calculation of spoofed ESR version (affecting releases >=76) RESOLVED -- Core DOM: Security
1628373 Lie better about desktop platform when privacy.resistFingerprinting is set to true RESOLVED -- Core DOM: Security
1640449 Privacy and security features should prevent localhost and local network WebSocket abuse RESOLVED P3 Core DOM: Networking [fingerprinting][necko-triaged]
1670199 RFP + font visibility = 1: entropy improvements RESOLVED -- Core Layout: Text and Fonts
1672093 css @media RFP + window/screen subpixel entropy REOPENED P3 Core CSS Parsing and Computation
1677733 Bookmarks toolbar for new tabs changes screen resolution for new window when privacy.resistFingerprinting is turned on NEW P3 Firefox Bookmarks & History [sng]
1708593 Enhance resist fingerprinting: Disable web audio (API) by default when privacy.resistFingerprinting is enabled RESOLVED -- Core Security
1709330 audit PDF.js for RFP and dFPI RESOLVED P5 Firefox PDF Viewer [pdfjs-integration]
1758520 Disable WebGPU when RFP is enabled RESOLVED -- Core Graphics: WebGPU
1762390 Should Gecko_MediaFeatures_MatchesPlatform account for ResistFingerprinting? RESOLVED -- Core DOM: CSS Object Model
1772711 privacy.resistFingerprinting caps fps to 60 RESOLVED P3 Core Privacy: Anti-Tracking
1781172 report real world system font set when enable privacy.resistFingerprinting RESOLVED -- Core Layout: Text and Fonts
1818894 RFP: harden network information protection RESOLVED -- Core DOM: Core & HTML [fingerprinting]
1823580 Act as though intl.regional_prefs.use_os_locales is false when RFP is enabled NEW -- Core DOM: Security [domsecurity-backlog]
1825378 RFP offscreen canvas allows extension override RESOLVED -- Core Graphics: Canvas2D
1876810 With privacy.resistFingerprinting, "☑ Remember this decision" forgetting which camera and microphone was shared is confusing NEW P3 Core WebRTC: Audio/Video 1876636
1909736 RFP: hide textDecoration's underline computedStyle on links NEW -- Core CSS Parsing and Computation
1947439 RFP new window size is off because of roundings on partial values NEW P3 Core Window Management
1954170 PreXULSkeletonUI doesn't trigger RoundWindowSize RFP Target NEW P3 Core Privacy: Anti-Tracking
1957254 RFP: provide [more plausible] hardwareConcurrency per OS NEW -- Core DOM: Core & HTML
1595823 Fix the AudioContext's sample-rate if privacy.resistFingerprinting is enabled RESOLVED P3 Core Web Audio Paul Adenot (:padenot) [fingerprinting]
1397994 CSS line-height reveals platform RESOLVED P5 Core CSS Parsing and Computation Pier Angelo Vendrame [tor 23104][tor 23701][tor 29563][fingerprinting][fp-triaged]
1745715 Bundled fonts should have Base visibility even when they are also system-wide installed RESOLVED P3 Core Layout: Text and Fonts Pier Angelo Vendrame
1746668 Use web exposed locales instead of regional locales where appropriate ASSIGNED -- Firefox Settings UI Pier Angelo Vendrame 1846224
1787790 getComputedStyle reports a wrong family for system fonts under certain conditions RESOLVED -- Core Layout: Text and Fonts Pier Angelo Vendrame [fingerprinting]
1880108 Placeholders on the datetime widget ignore spoof English RESOLVED -- Toolkit UI Widgets Pier Angelo Vendrame
1900648 XSLT error messages can leak browser UI language RESOLVED -- Core XSLT Pier Angelo Vendrame 1959147 [tor 42288][fingerprinting]
1404608 Do not lie about Operating System when privacy.resistFingerprinting is true RESOLVED P3 Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog3][fingerprinting-breakage]
461204 Boundary delimiter for HTTP file posts is static. That is wrong according to RFC. RESOLVED -- Core DOM: Core & HTML Tom Ritter [:tjr] [sg:low][tor 22919][adv-main74-]
1314443 Audit the existing disable WebRTC preferences and ensure they work as advertised ASSIGNED P3 Core WebRTC Tom Ritter [:tjr] [tor][fingerprinting][tor-mobile][fp-triaged]
1448046 Can we remove the window.Components shim? REOPENED P3 Core DOM: Core & HTML Tom Ritter [:tjr] 1448048
1509829 privacy.resistFingerprinting: UA header, upstream Tor 26146 RESOLVED P3 Core DOM: Security Tom Ritter [:tjr] [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1518839 In RFP: Only Spoof the OS in the User Agent; and do not lie in the HTTP Header RESOLVED -- Core DOM: Security Tom Ritter [:tjr] 1404608, 1405810 [tor 26146][fingerprinting]
1577243 Unconditionally clamp the requestAnimationFrame timestamp (and clamp/jitter it in RFP mode) RESOLVED -- Core DOM: Animation Tom Ritter [:tjr]
1607316 Implement separate fingerprinting resistance treatment of @media interaction features for desktop and android RESOLVED -- Core Layout Tom Ritter [:tjr] [fingerprinting][tor 32886]
1666160 Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems RESOLVED P3 Core DOM: Security Tom Ritter [:tjr] 1929134 [domsecurity-backlog1]
1885258 Remove the IsHidden Exemption for Font Allowlist RESOLVED -- Core Layout: Text and Fonts Tom Ritter [:tjr]

126 Total; 29 Open (23.02%); 94 Resolved (74.6%); 3 Verified (2.38%);


Fingerprinting Resolved Bugs

Full Query
ID Summary Priority Product Component Assigned to Depends on Whiteboard
467035 <!DOCTYPE> ignores contentaccessible, leaks DTD strings and therefore browser UI locale P2 Core XML Alex Catarineu (Tor Browser dev) 1228117 [sg:low][fingerprinting][fp-triaged][tor 30304][adv-main70-]
1561322 UI locale is detectable by button width -- Firefox Untriaged Alex Catarineu (Tor Browser dev) [tor 24056]
1581537 Browser UI locale is leaked in several ways P3 Core DOM: Core & HTML Alex Catarineu (Tor Browser dev) [tor 30683][fingerprinting]
1345322 Create the preference privacy.resistFingerprinting in firefox.js P1 Firefox Settings UI Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
1383495 Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled P3 Core DOM: Security Ethan Tseng [:ethan] 1472618 [tor][fingerprinting][fp:m3][domsecurity-active]
1393283 privacy.resistFingerprinting should change the user agent to 52, not 50 P2 Core DOM: Security Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1396468 Spoof navigator.oscpu as 'Windows NT 6.1; Win64; x64' when resisting fingerprinting is enabled P2 Core DOM: Security Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1047098 'Clear Recent History' with 'Cache' or 'Offline Website Data' doesn't clear QuotaManager storage and ServiceWorkers P1 Core DOM: Core & HTML Andrea Marchesini [:baku] 1401850, 1404105 [tor][fingerprinting]
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) P3 Core Graphics: Text Arthur Edelstein [:arthur] 1306715, 1426544, 1458364 [gfx-noted] [tor][fingerprinting]
1308340 checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) -- Firefox Settings UI Arthur Edelstein [:arthur] [tor][fingerprinting][fp-backlog][fp-triaged]
1333933 Disable/spoof fingerprintable features when privacy.resistFingerprinting = true P1 Core General Arthur Edelstein [:arthur] 1337157, 1337161 [tor][fingerprinting][fp-backlog][fp-triaged]
1433592 Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled P2 Core DOM: UI Events & Focus Handling Arthur Edelstein [:arthur] [fingerprinting-breakage][tor 17009]
267645 Page can obtain path to Mozilla installation or possibly profile by examining JavaScript exceptions P3 Core Security Boris Zbarsky [:bzbarsky] 268370, 503228 [sg:want] stepping-stone [fingerprinting][fp-triaged][adv-main75-]
863246 resource:// URIs leak information (Tor 8725) P1 Core Security Chung-Sheng Fu [:cfu] 1395286, 1395486, 1433715 [tor][fingerprinting][fp:m3]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) P1 Core Graphics: Canvas2D Chung-Sheng Fu [:cfu] 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 [tor][fingerprinting][fp:m3][ux]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting P1 Firefox Settings UI Chung-Sheng Fu [:cfu] 1515001 [tor][fingerprinting][fp:m3][ux]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) P1 Core Graphics: CanvasWebGL Chung-Sheng Fu [:cfu] [tor][tor-standalone][fingerprinting][fp:m3]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] P1 Core Graphics: Color Management Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1337161 Disable navigator.getGamepads() when privacy.resistFingerprinting = true P1 Core DOM: Device Interfaces Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
1354633 blank MediaError.message when resisting fingerprinting P2 Core Audio/Video: Playback Chung-Sheng Fu [:cfu] [tor 21792][fingerprinting][fp:m3]
1369357 Making Firefox not to use site specific zoom level when 'privacy.resistFingerprinting' is true P1 Firefox General Chung-Sheng Fu [:cfu] 1377820 [fingerprinting][tor][fp:m2]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true P3 Core WebRTC: Audio/Video Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m3]
1382499 Touch API leaks absolute screen coordinates P3 Core DOM: Events Chung-Sheng Fu [:cfu] [tor 10286][fingerprinting][fp:m3]
1382533 When resisting fingerprinting, don't expose local IP Addresses via mDNS P2 Core DOM: Core & HTML Chung-Sheng Fu [:cfu] [tor 22165][fingerprinting][fp:m3]
583181 Don't reveal navigator.buildID to every site on the web P3 Core DOM: Core & HTML Chris Peterson [:cpeterson] 966030, 1216225, 1493490 [fingerprinting]
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true P1 Core DOM: Core & HTML Chris Peterson [:cpeterson] 1217238 [tor 21675][fingerprinting][fp:m1]
1511434 privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14 P2 Core DOM: Security Chris Peterson [:cpeterson] [tor][fingerprinting][domsecurity-active][fp-triaged]
1511763 privacy.resistFingerprinting: Fix calculation of spoofed ESR version for ESR >= 68.0 P2 Core DOM: Security Chris Peterson [:cpeterson] [domsecurity-active][fp-triaged]
1635011 resistFingerprinting: Bump spoofed OS versions to macOS 10.15 and Android 9 P3 Core DOM: Security Chris Peterson [:cpeterson] 1511434 [domsecurity-active]
1680365 RFP userAgent/header on Android doesn't follow Fenix naming convention P3 Core DOM: Security Chris Peterson [:cpeterson] [domsecurity-backlog1]
1711179 resistFingerprinting: Bump spoofed Android OS version to 10 P3 Core DOM: Security Chris Peterson [:cpeterson] 1635011 [domsecurity-active]
1756280 RFP + navigator.pdfViewerEnabled P1 Core Graveyard Plug-ins David Parks [:handyman]
1832598 Smooth scrolls are disabled if the user prefers-reduced-motion regardless of fingerprint resistance -- Core Layout: Scrolling and Overflow Dan Robertson (:dlrobertson)
1408702 Resist fingerprinting causes scrollbar glitch in Firefox 58 P2 Core Layout Emilio Cobos Álvarez (:emilio) [tor][fingerprinting-breakage]
1390465 disable or limit WebVTT with privacy.resistFingerprinting P3 Core Audio/Video: Playback Fatih Kilic [:fkilic] [tor][fingerprinting][fp-triaged]
1436226 Hardcode VP8/VP9 algorithm choice when resisting fingerprinting P2 Core Audio/Video: Playback Fatih Kilic [:fkilic] [tor 22548] [fingerprinting][fp-triaged]
1507280 Ensure the reporting URI respects Resist Fingerprinting wrt locale P3 Core DOM: Security Fatih Kilic [:fkilic] 1492036 [fingerprinting][fp-triaged][domsecurity-backlog]
1832845 Remove the pref `autoDeclineNoUserInputCanvasPrompts` -- Core Privacy: Anti-Tracking Fatih Kilic [:fkilic] 1832681
1834307 Smooth scrolls are disabled if the user prefers-reduced-motion regardless of fingerprint resistance P3 Core Layout: Scrolling and Overflow Fatih Kilic [:fkilic] 1832598
1871789 RFPTarget PointerEvents leaks mozPressure + mozInputSource -- Core DOM: Events Fatih Kilic [:fkilic]
1891690 EXSLT leaks timezones also when RFP is enabled -- Core XSLT Fatih Kilic [:fkilic]
1899736 Can not use 2nd webcam at webcamtests.com with privacy.resistFingerprinting enabled -- Firefox for Android Media Fatih Kilic [:fkilic] 1900402
1924087 SVG Switch Element leaks language even with spoof language P3 Core Privacy: Anti-Tracking Fatih Kilic [:fkilic]
1944211 RFPTarget PointerEvents mozPressure not compat -- Core DOM: Events Fatih Kilic [:fkilic]
1222924 Stop exposing the moz-icon URL scheme to the web P3 Core Graphics: ImageLib :Gijs (he/him) [gfx-noted][fingerprinting][fp:m4][adv-main59-]
1478158 Guard prefers-reduced-motion by Resist Fingerprinting pref P3 Core CSS Parsing and Computation Hiroyuki Ikezoe (:hiro) 1479230, 1479239 [fingerprinting]
1459089 Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers -- Firefox for Android Graveyard General Igor Oliveira [fingerprinting]
1876636 With privacy.resistFingerprinting track.label & track.getSettings().deviceId differ from enumerateDevices() P2 Core WebRTC: Audio/Video Jan-Ivar Bruaroey [:jib] (needinfo? me)
1538130 privacy.resistFingerprinting should not create windows with rounded dimensions when letterboxing is enabled P5 Core Window Management Kestrel 1407366 [fingerprinting][tor]
654550 Preference to disable video statistics -- Core Audio/Video leonard.beck [tor] [fingerprinting]
1673237 ignore svg.disabled=false in about pages -- Core SVG sanketh [tor 27002]
1601040 Add UI for modifying resistFingerprinting prefs when privacy.resistFingerprinting is enabled -- Firefox Settings UI morgan (Tor Project) [tor 32325][fingerprinting]
527667 DOM Storage (localStorage, sessionStorage) data is not cleared when "Clear Recent History" is used with Time range not "Everything" P1 Core DOM: Core & HTML 600366, 536544 [sg:want][tor][fingerprinting]
732096 Add a preference to prevent local font enumeration P3 Core Layout 1121643 [fingerprinting][tor][tor-standalone]
779197 Use a protocol not accessible from content P3 Add-on SDK Graveyard General 820213, 852297 [fingerprinting]
811582 window JS object provides a large amount of identifiable information -- Core DOM: Core & HTML [fingerprinting][fp-triaged]
903959 custom resource://foo/ allows fingerprinting addons -- Core Security [fingerprinting]
1077986 offline storage permission setting not working correctly -- Firefox Settings UI [tor][fingerprinting]
1216800 some chrome code may be incorrectly receiving spoofed devicePixelRatio -- Core DOM: Core & HTML [fingerprinting]
1233691 Redesign mediaDevices.enumerateDevices() API -- Core WebRTC
1314448 Create a build target that adds --disable-webrtc to the mozconfig P3 Release Engineering General [tor][tor-testing][fingerprinting]
1320465 Favicon is added to bookmark in Private Browsing mode -- Firefox Private Browsing
1330892 <isindex> leaks user locale P1 Core DOM: HTML Parser 1266495 [fingerprinting][tor][fp:m3]
1364261 Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true P3 Core Privacy: Anti-Tracking 1401440 [tor][fingerprinting-breakage][fp-backlog][fp-triaged]
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true P1 Core JavaScript Engine [fingerprinting][tor][fp:m2]
1392844 Ensure that Stylo respects privacy.resistFingerprinting P3 Core Layout [tor][fingerprinting][stylo][fp-backlog]
1394735 Enabling privacy.resistFingerprinting causes jank in jquery scrolling -- Core Layout 1424341 [fingerprinting][fp-triaged]
1398303 Local Storage not cleared by Clear Recent History -- Core DOM: Core & HTML [tor][fingerprinting]
1399279 initial viewport too small for fullscreen WebApps with privacy.resistFingerprinting enabled P5 Firefox for Android Graveyard Web Apps (PWAs) [fingerprinting][fp-triaged][tor-mobile]
1400582 Deleting all history still leaves some traces that can be used to precisely track individual users. P3 Core Storage: IndexedDB [tor][fingerprinting]
1403099 game in http://www.best.io/paper-io has very bad performance due to anti-fingerprinting setting (needs higher resolution timer) P5 Core DOM: Security 1424341 [domsecurity-backlog][fingerprinting][fp-triaged]
1405810 Setting privacy.resistFingerprinting=true breaks cmd keyboard shortcuts for Google Docs on OSX P1 Core DOM: Security 1404608 [domsecurity-backlog1][tor][fingerprinting-breakage][fp-triaged]
1405842 Devices returned from enumerateDevices have the same deviceId across originattributes -- Core WebRTC: Audio/Video [usercontextId][tor]
1409809 Constantly remind people about privacy.resistFingerprinting -- Firefox Security [fingerprinting-breakage]
1418537 Bad window height set when bookmarks toolbar is open with resistfingerprinting option P3 Core Window Management [fingerprinting][fp-triaged][tor 27845]
1420234 The privacy.resistFingerprinting flag interferes with the JS Date object -- Core JavaScript Engine [fingerprinting]
1425130 Sensor API exposes a High-Res timestamp P3 Core DOM: Security [fingerprinting][domsecurity-backlog1][fp-triaged]
1428331 HiDPI and privacy.resistFingerprinting -- Core Layout 1554751 [fingerprinting][fp-triaged]
1432506 Implement the Canvas Permission Prompt on Fennec P3 Firefox for Android Graveyard General 1413780 [fingerprinting][fp-triaged]
1433815 Ensure EnableOrientationChangeListener respects privacy.resistFingerprinting P3 Core DOM: Core & HTML [tor-mobile][fingerprinting][fp-triaged]
1437266 Navigating back on youtube sometimes fails and restarts the current video with resistFingerprinting enabled P3 Core DOM: Security 1776678, 1803976 [fingerprinting][domsecurity-backlog1][fp-triaged]
1437349 Detect if user install certain software with external protocol -- Core DOM: Security [fingerprinting]
1442863 Smooth scrolling implementations perform badly with resistFingerprinting's reduced timer precision P3 Core DOM: Core & HTML [fingerprinting][fp-triaged]
1450561 Resist screen elements dimensions fingerprinting P5 Core DOM: Security [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1456378 privacy.resistFingerprinting breaks image cropping in Expensify P2 Core DOM: Security [domsecurity-backlog1][fingerprinting][fp-triaged]
1462115 privacy.resistfingerprinting affects the timezone displayed in native file picker dialogs P3 Core DOM: Security 1491343 [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1466025 enforce DNT header when privacy.resistFingerprinting=true P3 Core DOM: Security [fingerprinting][domsecurity-backlog1][fp-triaged]
1470828 privacy.resistFingerprinting breaks some shortcut keys P2 Core DOM: UI Events & Focus Handling [fingerprinting][fp-triaged]
1485268 When privacy.resistFingerprinting = true, Reader mode shouldn't parse on load -- Toolkit Reader Mode [tor]
1485280 Prevent fingerprinting by SpeechRecognition P3 Core Web Speech [tor][fingerprinting][fp-triaged]
1492775 Consider how to do fingerprinting resistance for pointer events for mobile P3 Core DOM: Events 1507495 [fingerprinting][fp-triaged]
1519122 In RFP Mode, spoof the modifier state "Meta" in OSX into a "Ctrl" state in keyboard events. P2 Core DOM: UI Events & Focus Handling 1404608, 1405810 [tor][fingerprinting]
1529391 Don't spoof version number in User Agent with privacy.resistFingerprinting enabled P3 Core DOM: Security [fingerprinting][domsecurity-backlog]
1535761 [meta] Remove native theming for content P3 Core Widget 1381938, 1411425, 1615026, 1615028, 1615105, 1615830, 1618260, 1619425, 1620246, 1620297, 1620307, 1620360, 1620362, 1620451, 1620476, 1620479, 1621319, 1621331, 1625716, 1627961, 1638821, 1646558, 1671401, 1671516, 1671703, 1673287, 1674010, 1675132, 1682210, 1682731, 1685010, 1685196, 1685225, 1685962, 1685963, 1686606, 1686613, 1687177, 1687178, 1687202, 1687838, 1687865, 1687881, 1688325, 1688978, 1689094, 1689098, 1689252, 1689286, 1689477, 1689615, 1689848, 1690140, 1690194, 1690842, 1690910, 1690954, 1691064, 1691183, 1692306, 1693591, 1694059, 1695984, 1696378, 1696437, 1696988, 1697053, 1697055, 1697110, 1698284, 1698302, 1698318, 1698336, 1698343, 1698783, 1698969, 1699800, 1699930, 1700794, 1700802, 1702282, 1702755, 1709634, 1764172 [fingerprinting][overhead:noted][fp-triaged] [not-a-fission-bug]
1539503 Ensure CSS device-pixel-ratio (and related) and imgset/srcset obeys Fingerprinting Resistance -- Core CSS Parsing and Computation [fingerprinting][tor]
1560816 screen size under privacy.resistFingerprinting should return nearest closest common resolution instead of exact window dimensions P3 Core DOM: Security [domsecurity-backlog3]
1586657 Dialog for spoofing the locale in resist-fingerprinting-mode contains non-localized buttons P3 Core Internationalization [tor 31980]
1607027 css @media device-pixel-ratio and RFP -- Core CSS Parsing and Computation
1615419 Panopticlick says browser has a unique fingerprint even with privacy.resistFingerprinting = true and Content Blocking: Strict -- Core Privacy: Anti-Tracking
1615483 hide VR devices when privacy.resistFingerprinting = true -- Core WebVR [fingerprinting]
1621988 Some Google Docs Shortcuts still don't work under Resist Fingerprinting P3 Core DOM: Security [tor][fingerprinting][domsecurity-backlog1]
1625771 privacy.resistFingerprinting: Fix calculation of spoofed ESR version (affecting releases >=76) -- Core DOM: Security
1628373 Lie better about desktop platform when privacy.resistFingerprinting is set to true -- Core DOM: Security
1640449 Privacy and security features should prevent localhost and local network WebSocket abuse P3 Core DOM: Networking [fingerprinting][necko-triaged]
1670199 RFP + font visibility = 1: entropy improvements -- Core Layout: Text and Fonts
1690038 Scrollbar is enabled and disabled based on a setting in macOS system preferences P2 Core DOM: Security [fingerprinting][tor 22632]
1708593 Enhance resist fingerprinting: Disable web audio (API) by default when privacy.resistFingerprinting is enabled -- Core Security
1709330 audit PDF.js for RFP and dFPI P5 Firefox PDF Viewer [pdfjs-integration]
1758520 Disable WebGPU when RFP is enabled -- Core Graphics: WebGPU
1762390 Should Gecko_MediaFeatures_MatchesPlatform account for ResistFingerprinting? -- Core DOM: CSS Object Model
1772711 privacy.resistFingerprinting caps fps to 60 P3 Core Privacy: Anti-Tracking
1781172 report real world system font set when enable privacy.resistFingerprinting -- Core Layout: Text and Fonts
1818894 RFP: harden network information protection -- Core DOM: Core & HTML [fingerprinting]
1825378 RFP offscreen canvas allows extension override -- Core Graphics: Canvas2D
1564422 Change `outputLatency` and `getOutputTimestamp` when `resistFingerPrinting` is enabled P2 Core Web Audio Paul Adenot (:padenot)
1595823 Fix the AudioContext's sample-rate if privacy.resistFingerprinting is enabled P3 Core Web Audio Paul Adenot (:padenot) [fingerprinting]
1397994 CSS line-height reveals platform P5 Core CSS Parsing and Computation Pier Angelo Vendrame [tor 23104][tor 23701][tor 29563][fingerprinting][fp-triaged]
1745715 Bundled fonts should have Base visibility even when they are also system-wide installed P3 Core Layout: Text and Fonts Pier Angelo Vendrame
1787790 getComputedStyle reports a wrong family for system fonts under certain conditions -- Core Layout: Text and Fonts Pier Angelo Vendrame [fingerprinting]
1880108 Placeholders on the datetime widget ignore spoof English -- Toolkit UI Widgets Pier Angelo Vendrame
1900648 XSLT error messages can leak browser UI language -- Core XSLT Pier Angelo Vendrame 1959147 [tor 42288][fingerprinting]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) P1 Core JavaScript: Standard Library Jonathan Hao (inactive) [:jhao] 1430975, 1437266, 1442863 [fingerprinting][tor][fp:m1]
1369327 Making reader view users uniform when 'privacy.resistFingerprinting' is true P1 Toolkit Reader Mode Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m2]
1290481 Implement mitigations for opaque response storage in the DOM cache P2 Core DOM: Core & HTML Tom Tung [:tt, :ttung] 1468434, 1367309, 1398043, 1398231, 1402581 [storage-v1][fingerprinting][adv-main57-]
680300 Restrict discoverability of protocol handlers [Tor 1623] P2 Core Networking Tim Huang[:timhuang] 1514834 [fingerprinting][probing][necko-backlog][tor]
1222285 Keyboard layout is leaked by KeyboardEvent P1 Core DOM: UI Events & Focus Handling Tim Huang[:timhuang] 1439784, 1433592, 1438795, 1470828 [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged]
1333641 Disable WebSpeech API when privacy.resistFingerprinting is enabled P1 Core Web Speech Tim Huang[:timhuang] [tor][fingerprinting][fp:m2]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled P1 Core DOM: Security Tim Huang[:timhuang] 1337161, 1369303 [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1363508 Consider how to do Anti-fingerprinting for Pointer Events P1 Core DOM: Events Tim Huang[:timhuang] 1492766, 1492775 [tor 25794][fingerprinting]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns P1 Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]
1369303 Spoof/Disable performance API when 'privacy.resistFingerprinting' is true P1 Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369309 Neutralize the threat of fingerprinting of media statistics when 'privacy.resistFingerprinting' is true P1 Core Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369319 Disable device sensors when 'privacy.resistFingerprinting' is true P1 Core DOM: Device Interfaces Tim Huang[:timhuang] 1390391 [fingerprinting][tor][fp:m2]
1369328 Open popup windows in new tabs when 'privacy.resistFingerprinting' = true P1 Core DOM: Security Tim Huang[:timhuang] [fingerprinting][tor][fp:m2][domsecurity-active]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true P1 Core DOM: Geolocation Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1372072 Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true P1 Core DOM: Core & HTML Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1382545 Animation API exposes high-res time stamp P2 Core DOM: Animation Tim Huang[:timhuang] 1217238 [tor 16337][fingerprinting][fp:m3]
1384330 Don't expose window.navigator.mozAddonManager data when privacy.resistFingerprinting=true P2 Toolkit Add-ons Manager Tim Huang[:timhuang] [tor 21684][fingerprinting][fp:m3]
1404608 Do not lie about Operating System when privacy.resistFingerprinting is true P3 Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog3][fingerprinting-breakage]
1446472 privacy.resistFingerprinting is true blocks QR code (canvas) on web.whatsapp.com without any notice P2 Core Graphics: Canvas2D Tim Huang[:timhuang] [fingerprinting] [gfx-noted][fp-triaged]
1460145 privacy.resistfingerprinting breaks the square selection on the HOT Tasking Manager P2 Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1468957 privacy.resistFingerprinting set to true breaks https://www.google.com/streetview/ P2 Core DOM: Security Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1492766 Fingerprinting protection for pointerEvent.pointerid P2 Core DOM: Events Tim Huang[:timhuang] [fingerprinting][fp-triaged]
461204 Boundary delimiter for HTTP file posts is static. That is wrong according to RFC. -- Core DOM: Core & HTML Tom Ritter [:tjr] [sg:low][tor 22919][adv-main74-]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] P1 Core General Tom Ritter [:tjr] 1382840, 1385597, 1409973 [fingerprinting][tor 16622][fp:m1][fp-triaged]
1337157 privacy.resistFingerprinting should disable WEBGL_debug_renderer_info P2 Core Graphics: CanvasWebGL Tom Ritter [:tjr] 1171228 gfx-noted, [tor][fingerprinting]
1376865 Do not display Canvas Prompt unless triggered by user input P2 Core Graphics: Canvas2D Tom Ritter [:tjr] 967895 [tor][fingerprinting][gfx-noted][fp:m4]
1393662 Making IsResistFingerprintingEnabled() checks in nsRFPService::ReduceTimePrecisionAs* inline and changing the name of nsRFPService::ReduceTimePrecisionAs* into MaybeReduceTimePrecisionAs* P2 Core DOM: Security Tom Ritter [:tjr] [fingerprinting][tor][domsecurity-backlog][fp:m4]
1397757 Need "Learn More" page for HTML5 Canvas warning of fingerprinting resistance P2 Firefox Page Info Window Tom Ritter [:tjr] [tor][fingerprinting][fp-triaged]
1407366 When privacy.resistFingerprinting=true, dynamically round content dimensions P2 Core Window Management Tom Ritter [:tjr] 1594455, 1790988, 1489493, 1595394, 1620347, 1640548, 1744439, 1788839 [fingerprinting][fp-triaged][tor 14429]
1409973 Make Date.toLocaleDateString and Intl.DateTimeFormat anti-fingerprintable P1 Core JavaScript Engine Tom Ritter [:tjr] 818634, 1039069, 1333933, 1358653, 1369330 [fingerprinting][tor][fp-triaged]
1447592 Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false P2 Firefox Security Tom Ritter [:tjr] [fingerprinting-breakage]
1461454 Support Resist Fingerprinting in canPlayType and Media Capabilities APIs P2 Core Audio/Video: Playback Tom Ritter [:tjr] [tor 13543][fingerprinting][fp-triaged]
1509829 privacy.resistFingerprinting: UA header, upstream Tor 26146 P3 Core DOM: Security Tom Ritter [:tjr] [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1515001 Debug build crashes with `privacy.spoof_english` set P1 Firefox Settings UI Tom Ritter [:tjr] [tor 28875][fp-triaged]
1518839 In RFP: Only Spoof the OS in the User Agent; and do not lie in the HTTP Header -- Core DOM: Security Tom Ritter [:tjr] 1404608, 1405810 [tor 26146][fingerprinting]
1577243 Unconditionally clamp the requestAnimationFrame timestamp (and clamp/jitter it in RFP mode) -- Core DOM: Animation Tom Ritter [:tjr]
1607316 Implement separate fingerprinting resistance treatment of @media interaction features for desktop and android -- Core Layout Tom Ritter [:tjr] [fingerprinting][tor 32886]
1621433 In RFP mode, turn the all-white canvas into a fully random 'poison pill' P2 Core DOM: Security Tom Ritter [:tjr] [fingerprinting][domsecurity-active]
1666160 Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems P3 Core DOM: Security Tom Ritter [:tjr] 1929134 [domsecurity-backlog1]
1693861 Collect Telemetry for how many users have enabled RFP P2 Core DOM: Security Tom Ritter [:tjr] [domsecurity-active]
1885258 Remove the IsHidden Exemption for Font Allowlist -- Core Layout: Text and Fonts Tom Ritter [:tjr]
1827576 RFP Math sin/cos/tan spoofing missing for asm.js P2 Core JavaScript: WebAssembly Tom Schuster (MoCo) 531915, 1823880
1485266 When privacy.resistFingerprinting = true, use stand-ins for native colors P2 Core Graphics: Color Management Gary Chen [:xeonchen] [tor][gfx-noted][fingerprinting][fp-triaged]
1486258 Regression tests to check that new Intl APIs respect privacy.spoof_english P2 Core JavaScript: Internationalization API Gary Chen [:xeonchen] [tor 26611][fingerprinting][fp-triaged]
1492587 Ensure the date picker does not leak user locale when "privacy.spoof_english" == 2 P2 Toolkit UI Widgets Gary Chen [:xeonchen] [tor 21787][fingerprinting][fp-triaged]
1560574 ftp:// on Windows can be used to leak the system time zone (Tor 30800) P2 Core Graveyard Networking: FTP Gary Chen [:xeonchen] 1564434 [fingerprinting][tor 30800] [necko-triaged]

167 Total; 167 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Fingerprinting&oldid=1173265"