Firefox is getting more browser fingerprinting protection courtesy of Tor Browser's "letterboxing" technique


Even if you block cookies, many sites still track you with "browser fingerprinting," which uses the unique combination of your screen resolution, browser and OS version, installed fonts and plugins, and other data to reliably identify you between sessions and across sites.


To fight this, the Tor Browser uses a technique called "letterboxing," which reports browser size rounded down to 100px increments, meaning that in nearly every case, your browser has the same dimensions as millions of other users' browsers; once the page has loaded and your browser has ceased to interact with the server, the content is resized to the true dimensions of your window.

The feature has been a part of Tor Browser since 2015; now it is being integrated into Firefox (Tor Browser is a derivative of the Firefox browser). It's part of "Tor Uplift," which is gradually moving privacy features from Tor Browser into Firefox. Firefox has already implemented other anti-fingerprinting techniques from Tor, including a blacklist of known-fingerprinting domains, protection for font-based fingerprinting, anti-HTML5 fingerprinting countermeasures, and per-domain cookie separation.


According to a Bugzilla entry, this is how Firefox's letterboxing protection works in these two states:

When the user maximizes the window, the largest possible viewport is used, again a multiple of 200 x 100. Empty gray margins in the chrome part of the window cover the rest of the screen. Similarly, in fullscreen, the viewport is again given dimensions a multiple of 200 x 100, and the chrome areas around it are set to black.

Finally, an extra zoom was applied to the viewport in fullscreen and maximized modes to use as much of the screen as possible and minimize the size of the empty margins. In that case, the window had a "letterbox" (margins at top and bottom only) or "pillbox" (margins at left and right only) appearance. window.devicePixelRatio was always spoofed to 1.0 even when device pixels != CSS pixels.

The only thing that's missing in Firefox's letterboxing support is the warning that the Tor Browser shows users when they maximize their window.
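As an added illustration (not Firefox's or Tor Browser's code), this sketch models the rounding described in the Bugzilla quote and shows how several distinct window sizes collapse into a few reported viewport sizes. The 200 x 100 step comes from the quote; the function names, the sample sizes and the handling of windows smaller than one step are assumptions.

```javascript
// Simplified model of letterboxing, written for this article.
// Step sizes follow the "multiple of 200 x 100" wording in the quote above.
const STEP_W = 200;
const STEP_H = 100;

// Round one dimension down to its step. Sizes below one step are left as-is
// (assumption: the article does not say what happens to tiny windows).
function roundDown(value, step) {
  return value < step ? Math.floor(value) : Math.floor(value / step) * step;
}

// Return the viewport size a page would observe plus the empty margins
// that fill the rest of the available content area.
function letterbox(availW, availH) {
  for (const v of [availW, availH]) {
    if (!Number.isFinite(v) || v < 0) {
      throw new RangeError("dimensions must be non-negative numbers");
    }
  }
  const width = roundDown(availW, STEP_W);
  const height = roundDown(availH, STEP_H);
  const padX = availW - width;
  const padY = availH - height;
  const left = Math.floor(padX / 2);
  const top = Math.floor(padY / 2);
  return { width, height,
           margin: { left, right: padX - left, top, bottom: padY - top } };
}

// Compare how many distinct sizes a site could see with and without rounding.
function distinctSizes(windows) {
  const raw = new Set(windows.map(([w, h]) => `${w}x${h}`));
  const buckets = {};
  for (const [w, h] of windows) {
    const { width, height } = letterbox(w, h);
    const key = `${width}x${height}`;
    buckets[key] = (buckets[key] || 0) + 1;
  }
  return { raw: raw.size, boxed: Object.keys(buckets).length, buckets };
}

// Constructed sample content-area sizes (not measurements).
const SAMPLE = [[1366, 657], [1351, 640], [1280, 649], [1264, 610],
                [1920, 969], [1903, 937], [1536, 754], [1519, 722]];

console.log(distinctSizes(SAMPLE));
```

The more users who land in each bucket, the less the reported window size contributes to a fingerprint.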



When privacy.resistFingerprinting=true, dynamically round content dimensions
[Bugzilla]

Firefox to add Tor Browser anti-fingerprinting technique called letterboxing [Catalin Cimpanu/ZDNet]


(via /.)