Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-10-14T19:38:30Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/24686In Tor Browser context, should network.http.tailing.enabled be set to false?2022-10-14T19:38:30ZcypherpunksIn Tor Browser context, should network.http.tailing.enabled be set to false?Here's what `network.http.tailing.enabled` does: https://www.janbambas.cz/firefox-57-delays-requests-tracking-domains/ It depends on Disconnect's tracking list.
In Tor Browser context I'm not sure whether this would be beneficial.Here's what `network.http.tailing.enabled` does: https://www.janbambas.cz/firefox-57-delays-requests-tracking-domains/ It depends on Disconnect's tracking list.
In Tor Browser context I'm not sure whether this would be beneficial.Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23451Adapt font whitelist to changes on macOS (zh locales)2022-12-02T11:21:12ZGeorg KoppenAdapt font whitelist to changes on macOS (zh locales)https://bugzilla.mozilla.org/show_bug.cgi?id=1350766 wants to use Songti TC/SC for macOS as default fonts. We should check whether we need to update the related font whitelist.
(This is the ticket for https://lists.torproject.org/piperm...https://bugzilla.mozilla.org/show_bug.cgi?id=1350766 wants to use Songti TC/SC for macOS as default fonts. We should check whether we need to update the related font whitelist.
(This is the ticket for https://lists.torproject.org/pipermail/tbb-dev/2017-September/000610.html)Sponsor 131 - Phase 3 - Major ESR 102 MigrationPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22787Fontconfig warning: remove 'blank' configuration2022-07-12T22:23:22ZcypherpunksFontconfig warning: remove 'blank' configurationIn the log:
> Fontconfig warning: line 145: blank doesn't take any effect anymore. please remove it from your fonts.conf
Quickly skimming fontconfig's changelog one finds:
> commit 46b2c62faa64250eec3981ee816e91a9a3dee857
> Author: Ak...In the log:
> Fontconfig warning: line 145: blank doesn't take any effect anymore. please remove it from your fonts.conf
Quickly skimming fontconfig's changelog one finds:
> commit 46b2c62faa64250eec3981ee816e91a9a3dee857
> Author: Akira TAGOH <akira@tagoh.org>
> Date: Wed Jun 17 16:29:08 2015 +0900
>
> Add a warning for blank in fonts.conf
>
> and remove the unnecessary code for parsing blanks
>
> src/fcxml.c | 7 +++++++
> 1 file changed, 7 insertions(+)Sponsor 131 - Phase 3 - Major ESR 102 Migrationhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41092Enable tracking query parameters stripping2023-10-03T15:36:13ZArthur EdelsteinEnable tracking query parameters strippingURL query parameters (aka URL search parameters) are a major vector for cross-site tracking. They comprise what is perhaps the most significant category of cross-site tracking vector that remains unblocked in Tor Browser.
Fortunately, F...URL query parameters (aka URL search parameters) are a major vector for cross-site tracking. They comprise what is perhaps the most significant category of cross-site tracking vector that remains unblocked in Tor Browser.
Fortunately, Firefox [has announced](https://groups.google.com/a/mozilla.org/g/firefox-dev/c/osQQROd2jKA) that they will be enabling tracking query parameter stripping for Strict mode and Private mode. (As of Firefox 103, this protection seems to be enabled in Strict Mode only in Release.) It would be great if Firefox's feature can be enabled in Tor Browser and expanded to cover more parameters that Firefox doesn't, including Google's gclid and dclid and Microsoft's msclkid. For a longer list of candidate parameters, see https://privacytests.org/Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40081Letterboxing since 32220 affected by layout.css.devPixelsPerPx2022-12-08T17:41:30ZMoreQuarksLetterboxing since 32220 affected by layout.css.devPixelsPerPxThis submission includes 3 sections: (1) Summary of Issue, (2) Detailed Description of Issue, and (3) Desired Outcome.
---
(1) Summary of Issue —
When using Tor Browser on a MacBook Air 13-inch laptop computer, the default configura...This submission includes 3 sections: (1) Summary of Issue, (2) Detailed Description of Issue, and (3) Desired Outcome.
---
(1) Summary of Issue —
When using Tor Browser on a MacBook Air 13-inch laptop computer, the default configuration about:config > layout.css.devPixelsPerPx Value -1.0 (screenshot 1) renders too small the size of content in the Toolbar, the size of bookmarks folders and text in the Bookmarks Toolbar, and the size of content in the browser inner window. The small size leads to user eyestrain that is largely avoided when Tor Browser uses modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 (screenshot 2).
Modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 prevents user eyestrain when using Tor Browser on a MacBook Air 13-inch laptop, but, when Tor Browser 9.5.3 is using this configuration, screen resolution fails to conform to a multiple of w:50 x h:50, w:100 x h:50, w:100 x h:100, or w:100 x h:200. I wonder whether this issue might be related to some sort of letterboxing issue in Tor Browser 9.5.3 (and 9.5.1 and 9.5).
Modified configuration about:config > layout.css.devPixelsPerPx Value 3.0 (screenshot 3) ~~has none of the issues described in the preceding two configurations~~ screen resolution fails to conform to a multiple of w:50 x h:100 when manually adjusting the window size, ~~but~~ and this configuration is not user-friendly because the size of Toolbar content, Bookmarks Toolbar content, inner window content, and the exterior window itself are excessively oversized and too large.
---
(2) Detailed Description of Issue —
In Tor Browser 9.5.3, 9.5.1, 9.5, 9.0.10, 9.0.9, and 9.0.4, the screen resolution in each version was tested and 24 corresponding screenshots were created to help define and resolve this issue in 9.5.3.
Throughout this submission, references to Tor Browser 9.5.3 collectively refer to versions 9.5.3, 9.5.1 and 9.5, and references to Tor Browser 9.0.10 collectively refer to versions 9.0.10, 9.0.9 and 9.0.4.
Tor Browser versions 9.5.3 and 9.0.10 are using the following Customize settings (screenshots 4, 5) when running the screen tests:
• Toolbars > ✓ Bookmarks Toolbar
• Density > Compact
• Drag ★Bookmarks Toolbar Items into the toolbar
• Use the default settings for Title Bar, Drag Space, and Themes.
In Tor Browser 9.5.3 and 9.0.10, default configuration about:config > layout.css.devPixelsPerPx Value -1.0 renders too small for comfortable viewing the Toolbars content, bookmarks folders and text appearing in the Bookmarks Toolbar, and inner window content. (screenshot 6). This default configuration causes unacceptable user eyestrain when using Tor Browser on a MacBook Air 13-inch laptop computer.
In Tor Browser 9.5.3, modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 hits the sweet spot for making a slight but significantly beneficial enlargement in the size of the Toolbars content, bookmarks folders and text appearing in the Bookmarks Toolbar, and inner window content (screenshot 7). This modified configuration makes the viewing experience more comfortable and user-friendly by preventing user eyestrain when using Tor Browser on a MacBook Air 13-inch laptop computer.
However, when Tor Browser 9.5.3 is using modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 when it starts, the window opens at screen resolution w:998 x h:599 (screenshot 7) across browser sessions, letterboxing displays the window at w:798 x h:599 (screenshot 8) across browser sessions when manually adjusting the size of the window, and Enter Full Screen opens the window at w:1198 x h:599 (screenshot 9) across browser sessions.
In contrast, when Tor Browser 9.0.10 is using modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 when Tor Browser starts, the window opens at w:1000 x h:600 (screenshot 10) across browser sessions, letterboxing correctly displays the window at w:450 x h:450 (screenshot 11) across browser sessions when manually adjusting the size of the window, and Enter Full Screen correctly opens the window at w:1200 x h:600 (screenshot 12) across browser sessions.
In Tor Browser 9.5.3, setting modified configuration about:config > layout.css.devPixelsPerPx Value 3.0 (screenshot 13) and immediately quitting and restarting Tor Browser in that configuration opens the window at w:800 x h:500 (screenshot 14) across browser sessions, letterboxing displays the window at w:450 x h:450 (screenshot 15) across browser sessions when manually adjusting the size of the window, and Enter Full Screen opens the window at w:900 x h:500 (screenshot 16) across browser sessions.
However, in Tor Browser 9.5.3, modified configuration about:config > layout.css.devPixelsPerPx Value 3.0 is unsuitable because this configuration causes the content in the Toolbar and Bookmarks Toolbar to be excessively oversized and too large, and the size of content appearing in the inner window and the size of the exterior window itself are excessively oversized and too large (screenshot 17).
When Tor Browser 9.5.3 is using modified configuration about:config > layout.css.devPixelsPerPx Value 3.0 when Tor Browser starts, immediately changing the configuration from about:config > layout.css.devPixelsPerPx Value 3.0 to about:config > layout.css.devPixelsPerPx Value 2.4 (screenshot 18) without restarting Tor Browser instantaneously changes the screen resolution from size w:800 x h:500 (screenshot 19) to indicated test size w:1000 x h:600 (screenshot 20 ), letterboxing displays the window at indicated test size w:451 x h:500 (screenshot 21, 451x500) when manually adjusting the window size, and Enter Full Screen opens the window at indicated test size w:1200 x h:600 (screenshot 22).
However, during the browser session in the preceding paragraph, Tor Browser 9.5.3 renders the window at indicated test size w:1000 x h:600 only during that single browser session, and Enter Full Screen opens the window at indicated test size w:1200 x h:600 only during that single browser session because, after quitting and restarting Tor Browser 9.5.3, the window opens with configuration about:config > layout.css.devPixelsPerPx Value 2.4 and screen resolution w:998 x h:599 (screenshot 7), the window displays indicated test size w:449 x h:599 (screenshot 23) when manually adjusting the window size, and Enter Full Screen opens the window at indicated test size w:1199 x h:599 (screenshot 24).
The described issues are present in Tor Browser versions 9.5.3, 9.5.1, 9.5, but testing indicates they are not present in Tor Browser versions 9.0.10, 9.0.9, and 9.0.4.
Modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 is compatible with Tor Browser 9.0.10, 9.0.9, and 9.0.4 and causes no letterboxing or screen resolution issues in those versions.
---
(3) Desired Outcome —
When Tor Browser is using Customize settings Toolbars>✓ Bookmarks Toolbar, Density>Compact, drag>★Bookmarks Toolbar Items into toolbar, and default settings>for Title Bar, Drag Space, and Themes, Tor Browser would render the following screen resolutions for each instance Tor Browser starts when it is using modified configuration about:config > layout.css.devPixelsPerPx Value 2.4:
• Screen resolution conforms to a multiple of w:50 x h:50, w:100 x h:100, or w:100 x h:200 across browser sessions.
• Screen resolution conforms to a multiple of w:50 x h:50, w:100 x h:50, w:100 x h:100, or w:100 x h:200 across browser sessions when manually adjusting the size of the window.
• Enter Full Screen opens the window at a multiple of w:100 x h:100 or w:100 x h:200 across browser sessions.
---
Platform: macOS Catalina Version 10.15.6, MacBook Air 13-inch laptop computer.
TorZillaPrint screen test: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html
---
![screenshot_1](/uploads/787be645a7b08e7725bf59660e9e0b02/screenshot_1.png)
![screenshot_2](/uploads/f497e853c4da6f53d6922e9bb6025ee1/screenshot_2.png)
![screenshot_3](/uploads/7e87cc658f605bccd8f311d0b0398baf/screenshot_3.png)
![screenshot_4](/uploads/c548dab58e95aa17763b42d4ddedb429/screenshot_4.png)
![screenshot_5](/uploads/86148f19d1203436af59a4e52796b82e/screenshot_5.png)
![screenshot_6](/uploads/57343d3dc8c7e29793c1757c714fa023/screenshot_6.png)
![screenshot_7](/uploads/303d52aa4eebb2ad1f83bf5ce85787a2/screenshot_7.png)
![screenshot_8](/uploads/789141d24942ef4bb3fb3c0f6a0d997a/screenshot_8.png)
![screenshot_9](/uploads/1ed0fa9ba75755bcaa8d383bc541605b/screenshot_9.png)
![screenshot_10](/uploads/37d7c6465872d20ab86cde8d74291b77/screenshot_10.png)
![screenshot_11](/uploads/786c23ed34df62d76261affdc1b6219e/screenshot_11.png)
![screenshot_12](/uploads/f55c49d68520bb611554c2b1f58d7819/screenshot_12.png)
![screenshot_13](/uploads/e0ffb431d80a57938790e73e75eb096a/screenshot_13.png)
![screenshot_14](/uploads/2e3bb78f822af09feef3896c52a9a0e9/screenshot_14.png)
![screenshot_15](/uploads/8b07b56987869e0ea440182d51e561bf/screenshot_15.png)
![screenshot_16](/uploads/12f65a8e88134dce3b7aadecbcdd3f17/screenshot_16.png)
![screenshot_17](/uploads/9dcd73d578ace605a88b59318edf926d/screenshot_17.png)
![screenshot_18](/uploads/85742446f01c0b6ee234dfe072ebba30/screenshot_18.png)
![screenshot_19](/uploads/f4e346036f4d26539435da8f91ba7ab8/screenshot_19.png)
![screenshot_20](/uploads/c74522a9a0347548d2219a457969af07/screenshot_20.png)
![screenshot_21](/uploads/e352331b9c8443b3d6d404f284168265/screenshot_21.png)
![screenshot_22](/uploads/21befd985b2b9c2b37c897b3dca5e697/screenshot_22.png)
![screenshot_23](/uploads/fd0597ede644020f7e858e06127a4597/screenshot_23.png)
![screenshot_24](/uploads/6bf107fde4abac760506cdd6dcbfafcb/screenshot_24.png)Sponsor 131 - Phase 2 - Privacy Browserma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33282Increase the max width of new windows2023-10-03T15:38:07ZThorinIncrease the max width of new windowsnew window sizes are only applied to non-android devices (AFAIK). Android will use LBing when ready.
new windows are calculated with a max width of 1000px (and then steps down in 200px increments). Note: height is similar (max 1000m ste...new window sizes are only applied to non-android devices (AFAIK). Android will use LBing when ready.
new windows are calculated with a max width of 1000px (and then steps down in 200px increments). Note: height is similar (max 1000m steps of 100)
Somewhat relevant, LBing has reduced the number of combos of `w`x`h`: but assuming there was no accidental window sizing, and ignoring anything from bugs (toolbar showing, dpi etc)... just focusing on new windows
desktop/laptop screens are likely to be widescreen (approx 16/9), and even the old 1.33/1 (e.g. 1024x768) is not square
Lets say 99% of heights used are `[600,700,800,900,1000]`. Increasing the max width to `1200` theoretically increases the number of entropy buckets by 5 (1 new x number of heights) and to `1400` by 10, etc. But in reality, it's **not going to affect actual entropy** (but there may be some edge cases): e.g.
- if you can do `1000`px high, you can almost certainly do `1200` wide (or you never could do 1000 wide anyway: e.g 1024x768)
- if you're limited to 600 high, you can't do 1200 anyway
Obviously there are a lot of desktop/laptop screen aspect ratios out there, and we don't have any hard data - but my point is:
**why are we square on desktops/laptops?** - a lot of webpages cause a horizontal scroll bar which is quite annoying (and you know just how upset users can get with visuals: see LB introduction) - so I'll just label this as a usability issue: not just the scrollbar, but wastage of available screen real estate / productivity.
Without some real hard data, we can only guess (but we can look at Firefox telemetry or real world screen stats). My instinct tells me 1200 max is "safe" (as its below both 4/3 and 16/9), and if 4/3 is an edge case, then 1400 or 1600 is also "safe"
I know 1000px seems the safer bet, but 1200px = more usability = more users/uptake .. and, it shouldn't affect actual real world entropy
Class, discuss!Sponsor 131 - Phase 2 - Privacy Browserma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32308Stop inner letterbox jiggling as border is dragged2023-05-04T05:43:28ZcypherpunksStop inner letterbox jiggling as border is draggedTBB 9.0
Linux 64
Cinnamon
The inner content area of the letterbox jiggles violently as the Tor Browser window border is dragged to resize. The effect is worse on horizontal (width) than vertical (height). Ideally, the content area wou...TBB 9.0
Linux 64
Cinnamon
The inner content area of the letterbox jiggles violently as the Tor Browser window border is dragged to resize. The effect is worse on horizontal (width) than vertical (height). Ideally, the content area would crisply snap as the border shrinks or grows.Sponsor 131 - Phase 2 - Privacy Browserrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31821reapply window.open() clamping2022-11-29T15:31:19ZThorinreapply window.open() clampingIn alpha we seem to have lost the 10px clamping for new windows (which are opened in a new tab: see legacy/trac#9881 )
- See https://bugzilla.mozilla.org/show_bug.cgi?id=1556016
- See https://ghacksuserjs.github.io/TorZillaPrint/TorZill...In alpha we seem to have lost the 10px clamping for new windows (which are opened in a new tab: see legacy/trac#9881 )
- See https://bugzilla.mozilla.org/show_bug.cgi?id=1556016
- See https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html - click the `new window` button
Pic to follow: example of a user resizing the browser for more real estate: which we want to encourage for uptake and for the letterboxing buckets to be less FP'able (I assume).
Would be good to upstream itSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22130Use an "international" formatting for Dates etc, instead of US English locale2024-03-03T12:55:50ZArthur EdelsteinUse an "international" formatting for Dates etc, instead of US English localeRight now we use
`javascript.use_us_english_locale`
but this is not friendly to non-US users. We should use Date formats with maximum readability across locales. For example, the ISO 8061 is pretty good, although I don't like the T in th...Right now we use
`javascript.use_us_english_locale`
but this is not friendly to non-US users. We should use Date formats with maximum readability across locales. For example, the ISO 8061 is pretty good, although I don't like the T in the middle.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41434Letterboxing bypass through secondary tab (popup/popunder...)2022-12-08T17:41:30Zma1Letterboxing bypass through secondary tab (popup/popunder...)We should apply letterboxing to about:blank (we currently do not) because any web page can read the DOM of a new window/tab it creates.
And even if we do, current letterboxing implementation seems to have a race condition allowing the op...We should apply letterboxing to about:blank (we currently do not) because any web page can read the DOM of a new window/tab it creates.
And even if we do, current letterboxing implementation seems to have a race condition allowing the opener to bypass letterboxing.
PoC:
https://people.torproject.org/~ma1/bugs/lb/
@richard , @pierovSponsor 131 - Phase 5 - Ongoing Maintenancema1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41127Review Mozilla 1726524: Screen reader (narrate) in reader view doesn't work i...2023-11-02T09:42:34ZrichardReview Mozilla 1726524: Screen reader (narrate) in reader view doesn't work if privacy.resistFingerprinting is enabled## https://bugzilla.mozilla.org/show_bug.cgi?id=1726524
So Mozilla's solution here is to just disable text-to-speech in reader view entirely when `privacy.resistFingerprinting` is enabled, which kind of sucks. The argument is that the a...## https://bugzilla.mozilla.org/show_bug.cgi?id=1726524
So Mozilla's solution here is to just disable text-to-speech in reader view entirely when `privacy.resistFingerprinting` is enabled, which kind of sucks. The argument is that the available voices is a big fingerprinting vector (which sure it is) but it seems either:
- reader view should be carved out somehow
- available voices could be normalized per platform
Set a due date to @ henry once he starts and has a gitlab account.
cc: @tom for your curiositySponsor 131 - Phase 5 - Ongoing Maintenancehenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40910Unicode characters not rendering in 11.5a9 on Mac2022-07-06T20:42:34ZdonutsUnicode characters not rendering in 11.5a9 on MacSee this report from a Cypherpunk here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40671#note_2800609
> Hello,
>
> My TB Alpha could not render Unicode characters. As far as I have tested, the unrenderable char...See this report from a Cypherpunk here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40671#note_2800609
> Hello,
>
> My TB Alpha could not render Unicode characters. As far as I have tested, the unrenderable characters include the alphabet of Chinese, Japanese etc.
>
> This is a sample screenshot of my TBB: https://ibb.co/6W2bbQx GitHub gist also renders weird: https://ibb.co/GHv6y0B
>
> I believe this was already addressed on ticket #40382. Yet, none of the discussions on the ticket helped me resolve this issue.
>
> TB Alpha version on "about:preferences": 91.8.0esr (64-bit) TB Alpha version on homepage: 11.5a9 Platform: macOS Monterey (12.3.1)Tor Browser 11.5Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40058ensure no locale leaks from new Intl APIs2022-10-14T17:41:39ZMark Smithensure no locale leaks from new Intl APIsFrom #33534:
Firefox 76 enabled the following:
- numberingSystem and calendar options for the `Intl.NumberFormat`, `Intl.DateTimeFormat`, and `Intl.RelativeTimeFormat` constructors
- the `Intl.ListFormat` API
Firefox 78 added support f...From #33534:
Firefox 76 enabled the following:
- numberingSystem and calendar options for the `Intl.NumberFormat`, `Intl.DateTimeFormat`, and `Intl.RelativeTimeFormat` constructors
- the `Intl.ListFormat` API
Firefox 78 added support for `Intl.DisplayNames`.
It looks like `RelativeTimeFormat()` may leak the current locale if the caller passes undefined to the constructor instead of a locale string. Other APIs may have similar problems that could make it easier to perform fingerprinting based on the user's locale.
https://bugzilla.mozilla.org/show_bug.cgi?id=1625975 \
"Enable numberingSystem and calendar options by default"
https://bugzilla.mozilla.org/show_bug.cgi?id=1589095 \
"Add support for "type" and "style" options to Intl.ListFormat and enable Intl.ListFormat by default"
https://bugzilla.mozilla.org/show_bug.cgi?id=1557727 \
"Implement the Intl.DisplayNames proposal"Sponsor 131 - Phase 5 - Ongoing MaintenancePier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32253Zooming and letterboxing2023-05-10T19:36:55ZcypherpunksZooming and letterboxingZooming changes reported window size, so letterboxing should be applied. This does not work at the moment or is buggy:
1. does not letterbox on zoom event, only after resizing the window
2. resizing the window on a zoomed tab applies pr...Zooming changes reported window size, so letterboxing should be applied. This does not work at the moment or is buggy:
1. does not letterbox on zoom event, only after resizing the window
2. resizing the window on a zoomed tab applies proper letterboxing (multiples of 100) only after resizing the window back to its standard/default size
3. when resizing the window back to its default size, the letterboxing is still applied to all other non-zoomed tabs, making their size smaller than standard despite the available space for default sizeSponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31064Letterboxing is enabled in priviledged contexts too2022-11-17T18:25:02ZcypherpunksLetterboxing is enabled in priviledged contexts tooIt seems harmless, isn't it? Or is it because some JS may be used to capture screen size with PDFs? For view-source: I can't think of any scenario.It seems harmless, isn't it? Or is it because some JS may be used to capture screen size with PDFs? For view-source: I can't think of any scenario.Sponsor 131 - Phase 5 - Ongoing Maintenancema1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30556Re-evaluate letterboxing dimension choices2023-10-03T15:37:50ZTom Rittertom@ritter.vgRe-evaluate letterboxing dimension choicesAt some point, maybe we should reconsider our choice for letterboxing dimensions.
This ticket is primarily to serve as a place to attach my ipython script for safekeeping for years from now.At some point, maybe we should reconsider our choice for letterboxing dimensions.
This ticket is primarily to serve as a place to attach my ipython script for safekeeping for years from now.Sponsor 131 - Phase 5 - Ongoing Maintenancema1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29564DOMRect (and subpixels)2023-09-01T01:56:45ZThorinDOMRect (and subpixels)Test site: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#domrect
Note: this is the same code as used by [2] which is **based on** [3]
[2] https://canvasblocker.kkapsner.de/test/domRectTest.html
[3] https://browserleak...Test site: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#domrect
Note: this is the same code as used by [2] which is **based on** [3]
[2] https://canvasblocker.kkapsner.de/test/domRectTest.html
[3] https://browserleaks.com/rects
I expect differences between OS (Windows vs Linux vs macOS etc), but not between platforms (Ubuntu vs Debian). My test suite is not definitive, **so there may be others**: results
Win7/10:
`2380796ca1fab68e105199501407219d670114c99e0cee1cf176e03a04bad769`
^^ good
Mint, Ubuntu, openSUSE
`8607449084c2811952029f052ef158346f4c850795376e3de41ed3ea229add6b`
^^ good
Debian
`bb24643dfd4856c875a2b8dd877b5ec76626c2d88b77c963e20c8f788823e420`
^^ **not good**Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/4316Site Zoom is not reset on new identity2020-06-27T14:43:10ZMike PerrySite Zoom is not reset on new identityI just noticed site zoom is not being reset by new identity in TBB, even though we should be clearing it via a pref we added in one of the patches, as well as the Firefox pref.I just noticed site zoom is not being reset by new identity in TBB, even though we should be clearing it via a pref we added in one of the patches, as well as the Firefox pref.TorBrowserBundle 2.2.x-stablehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/3059Find some way to deal with time-based fingerprints2020-06-27T14:43:14ZMike PerryFind some way to deal with time-based fingerprintsWe have a few potential solutions to time-based fingerprinting attacks, some based in Torbutton, some based as patches to Tor Browser. This bug is the parent for all of them.
[[TicketQuery(parent=legacy/trac#3059,format=table,col=compon...We have a few potential solutions to time-based fingerprinting attacks, some based in Torbutton, some based as patches to Tor Browser. This bug is the parent for all of them.
[[TicketQuery(parent=legacy/trac#3059,format=table,col=component|owner|summary|priority|points,order=priority)]]TorBrowserBundle 2.3.x-stablehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/2934Experiment with JSHooks for Date() and Event.timeStamp2020-06-27T14:43:14ZMike PerryExperiment with JSHooks for Date() and Event.timeStampInstead of patching Firefox for tickets legacy/trac#1517 and legacy/trac#2876, we can experiment with JShooks to prototype it and provide minimal protection for unpatched Firefox users. This experiment can also help us try to determine h...Instead of patching Firefox for tickets legacy/trac#1517 and legacy/trac#2876, we can experiment with JShooks to prototype it and provide minimal protection for unpatched Firefox users. This experiment can also help us try to determine how much of the web breaks with these hooks.TorBrowserBundle 2.3.x-stable