GitLab

http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html claims that getClientRects() provides a lot of differences between two computers. This is "[d]epending on the resolution, font configuration and lots of other factors".

We should investigate how problematic that method is keeping in mind that we are currently not aiming at hiding the platform a user is on and that we do font normalization and rounding of the content window on start-up and a bunch of other things.

I asked the author of the blog post to explain the differences on the two computers he got, taking the things I mentioned above into account but we got no reply so far.