[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Should still recommend against maximizing Tor Browser window?

We recommend that here:
https://www.whonix.org/wiki/Tor_Browser#Maximizing_Browser_Window

Original reason:
https://trac.torproject.org/projects/tor/ticket/7255

Don’t be fooled by that ticket being closed. That’s a pointer but not enough. Since then various lengthy new tickets have resulted from the original ticket and it is hard to know where things stand now. Is anyone into that topic?

As a result this package was created

Since then window maximization has changed various times in Tor Browser.

Wondering if any of this is still useful?

Let’s keep it around until stable TBB removes the warning. I know upstream are working on patches to kill this tracking method.

1 Like

Any update?

While window size rounding seems to be implemented, it works only on some platforms with Windows being problematic:
https://trac.torproject.org/projects/tor/ticket/14098

So the window resolution resizing anti-fingerprinting is much more complicated than we think. They are working on protecting users who enable the bookmark bar, who do page zooming or use it on system with weird tiling window managers:

https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=closed&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&keywords=~tbb-fingerprinting-resolution&order=priority

1 Like

Looks no longer required due to letterboxing, see:

Removed from wiki:

https://www.whonix.org/w/index.php?title=Tor_Browser&type=revision&diff=52116&oldid=51692

1 Like

I don’t think you should delete that, since gk says you still shouldn’t change the default window size i.e. Letterboxing provides ‘some’ protection, but you’re still likely more fingerprintable. So unless we know better than Tor devs…

https://blog.torproject.org/new-release-tor-browser-90?page=2

Anonymous (not verified) said:

October 22, 2019
Permalink

Letterboxing is great at softening the fingerprint in those rare cases where you accidentally resize or maximize a window. However doesn’t it decrease the uniformity if people start using it intentionally, given all the possible window and height combinations?

Is using the default window size still recommended?

gk said:

October 23, 2019

In reply to Letterboxing is great at… by Anonymous (not verified)
Permalink

Yes, the default size is still recommended. But, if users are resizing their window they should get some protection now. Before that we only had the notification bar popping up and essentially saying “Don’t do that! Danger!” which was kind of lame. Now, we have something better to offer which fits more to our privacy-by-design goal.

1 Like

Thanks. Feel free to undo or I’ll do that soon. Should also add these quotes.

A couple thoughts about the letterboxing and what I experienced:

While the TBB is doing a good job at obscuring the fingerprint vector of window size, there were a couple observations I wanted to share with our community.
Some desktops, Gnome3 in particular, but there are others, have certain display features like ‘docks,’ and ‘title bars’ to name two that can really pigeonhole the user into certain groups. I know we use XFCE here in Whonix, but even so, there is a lot of flexibility in how we size panels, where we place them, how big they are compared to other known panel applets for other popular destops and things like that. Also, we cannot forget the host DE and how its features may affect the determination for the maximized window size.
If the user does not use their virtualizer in full-screen view but maximizes the TBB window anyway, he or she ends up with some unique window dimensions. This can be true of any desktop. For example in virtualbox, default settings have the top of screen machine tool bar and the mini-bar on the bottom underneath the panel. If identities are not switched (or even if they are) the irregular window size can be something that can maybe not outright identify you but narrow down the possibilities
It won’t be absolute, but over time it can be problematic.
Example: it may be that using Gnome3 on a 1366x768 laptop produces a unique maximized value that would be different on say LXDE or XFCE on the same 1366x768 screen.
At least when the TBB window was default set at 1000x800, 700, etc. then the pool of users was much much bigger and the various idiosyncrasies of each unique desktop environment was much harder to pin down to a certain person or persons.
Maybe for now to just be extra cautious it would be better to not use full-screen view just until some of the unknowns are better understood or worked out.

Done.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]