Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn’t browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

  • Max-P
    link
    fedilink
    155 months ago

    No, simply because even with pure CSS and even pure HTML you can find ways to leak some information about the browser. For example, a background image that only loads on 1920x1080, another for 2560x1440, and so on. Make hundreds of those for every possible resolution (they can be the same file on the server but at a different path), and there you go, you now figured that the client downloaded img/background/2448x1280.png from the server logs. You can use the same trick for fonts as well, you just apply the same trick on a box on the page that is sized based on text content. Repeat for every font you want to test for.

    There’s just a ton of those little features that are for performance optimizations because loading a 4K background on a 480p phone is a bad experience for everyone involved. Sometimes you need to know the size of some elements to position other elements relative to it. You need the mouse cursor position to open popups at the right place. You need the window size to realign popups and modals. You’d have to go back to text based only sites like it’s the 80s and 90s to avoid that kind of fingerprinting.

    And thus Tor’s solution: everyone’s got the same window size, same fonts and everything.