Viewport protection #2294
Viewport protection #2294
Conversation
fix incorrect site setting value at startup remove code from visual_viewport remove devicePixelRatio override
fix incorrect site setting value at startup remove code from visual_viewport remove devicePixelRatio override
…into viewport-protection
|
when you have time, can I ask you an opinion on this too? |
|
There is also https://arthuredelstein.github.io/tracking_demos/screen.html (from brave/brave-browser#23170). So this would make the current fingerprinting patch obsolete, except for the Can you please remove the content setting and make it a feature flag for now? We might have a content setting for fingerprinting mitigations in future but I have not yet figured out what is best on that. |
yes, that is the goal.
is the next one I will make. I have already seen that it is probably possible to change the content of the canvas without the fingerprinting scripts noticing.
as you prefer. |
in fd38a5a I removed the site setting. |
|
@uazo Does this PR apply over chromium 112? |
|
this one no, it is out of date |
Description
continue from #2175
I went ahead with the implementation, and this is the one I like the most of the versions I have developed.
basically it acts on the size of the screen and the view through the use of the emulator mode (which is normally active only in the desktop versions of chromium).
the use of those api allowed me to minimize the changes (because I let chromium behave as normal) and above all to have a greater guarantee about future changes (being an api internal to chromium).
I also added the function that modifies the rect of the dom regardless of how they are defined via css: substantially I have changed the zoom of the page since all the coordinates calculated from that, so:
now yes. By disabling the flags of ungoogled, the values do not remain constant, indeed the fingerprinting tools do not detect the anomaly.
the patch in fact reduces (or increases) the space available to the blink view with two factors:
in the code you will also find the management of remote frames (which I finally understood :) that they are the local same-domain IFRAMEs and remote cross-domain ones) because to they I pass the screen value of the top page and inhibit access to the browser controls size (innerWidth/Height == outerWidth/Height).
if you can try to give an eye...
to test it I used
https://canvasblocker.kkapsner.de/test/domRectTest.php
https://abrahamjuliot.github.io/creepjs/tests/domrect.html
https://abrahamjuliot.github.io/creepjs/tests/screen.html
https://dev-pages.brave.software/fingerprinting/farbling.html
https://browserleaks.com/rects
https://privacycheck.sec.lrz.de/active/fp_gcr/fp_getclientrects.html
https://arkenfox.github.io/TZP/tests/domrectspoof.html
but i'm thinking the next step will be to finally start building some bromite test
All submissions
Format
Subject: Alternative cache (NIK-based)->Alternative-cache-NIK-based.patch)