Add support for screen size and window offsets in the profiles

[dillbyrne]

In addition to the current random screen size option that exists as of 0.9.2. Screen sizes should also be added to the profiles so that they match the real devices values to allow users to blend in better.

Examples of this are Iphones and tablets where the sizes are all the same for each device type.

Also color and pixel depth values need to be added too.

[dillbyrne]

@deqoksijnc writes

Checking https://panopticlick.eff.org/ again, screen size related information and color depth are the greatest contributors to fingerprinting (I have disabled all plugins which are even worse). Both total screen size and actual window size seem to be leaking and both contribute to fingerprinting.

So it would be good to spoof screen size and depth.
https://developer.mozilla.org/en-US/docs/Web/API/Window.screen
https://developer.mozilla.org/en-US/docs/Web/API/Screen.colorDepth
https://developer.mozilla.org/en-US/docs/Web/API/Window.screenX
https://developer.mozilla.org/en-US/docs/Web/API/Window.mozInnerScreenY

Deciding on what values to substitute for the real screen size/depth is also a challenge,
TOR folks already faced that.
Information, screen size stats and javascript for same problem with TOR:
https://trac.torproject.org/projects/tor/ticket/4810

http://www.w3schools.com/browsers/browsers_display.asp

[ghost]

very nice - looked at the code, built and installed from Github.

The inner/outer Width/height appear to be set to screen resolution which is not realistic when the full screen window property is false?

Imho the window size spoofing is actually the most useful part of screen size spoofing and might deserve an own checkbox to enable separately from screen size spoofing?

The dropdown list of resolutions should be probably ordered by statistics of the most frequent ones, idealy adjusted by platform/user agent if possible. The all platform stats are at http://www.w3schools.com/browsers/browsers_display.asp
1920x1080 1366x768 1280x1024 1280x800 1024x768 800x600

It might be the best strategy to pretend full screen everywhere? Maximised window probably leaks much more information, on a Linux system with some window manager I get this values (without RAS):

full size:
innerWidth 1920
innerHeight 1079 !!!
outerWidth 1920
outerHeight 1080

maximised window:
innerWidth 1920
innerHeight 994
outerWidth 1920
outerHeight 1065

[ghost]

just added
content += "Object.defineProperty( window, 'fullScreen', {value: true});";

to "function windowHandler" and seems to work as intended.

[dillbyrne]

@deqoksijnc Many phones and tablets have full screen and window sizes and do not have window.fullScreen set.

This is an ipads screen details.

I plan to add the exact offsets in the future so they all look normal.

As for the screen sizes you can choose directly from I picked the resolutions here https://en.wikipedia.org/wiki/Display_resolution#Computer_monitors

The new profile option in the screen size drop down will pick a suitable screen size from those defined in the profile.

I would not recommend compiling from the master branch as it is changing and there are changes being made and bug fixes happening. If you want to compile a custom build I recommend to use the source of the latest release.

[ghost]

For desktop it would seem that fullScreen would still be the "least fingerprintable" option? Luckily a large enough share of users run their browsers in fullScreen.

Afaics maximised windows suffer from highly configuration specific window decoration size so they will offer much more fingerprinting opportunities.

Changing (spoofed) window size and offsets randomly might also work, but if the remote fingerprinter can observe such changes (cookie not deleted or other fingerprinting) it might reveal to him that something interesting is going on.

[dillbyrne]

Hello @deqoksijnc

I doubt very many people run in fullscreen all the time but I will add an option and you can check it if you wish.

Afaics maximised windows suffer from highly configuration specific window decoration size so they will offer much more fingerprinting opportunities.

This issue when completed should account for the various browser and system toolbars.

Changing (spoofed) window size and offsets randomly might also work, but if the remote fingerprinter can observe such changes (cookie not deleted or other fingerprinting) it might reveal to him that something interesting is going on.

currently they are set per request and if the random or profile option is selected it will change for each request . This is assuming that the available different screen sizes for the current profile are more than 1. So not an iphone which has a single size where as a desktop can have multiple screen sizes.

[dillbyrne]

investigate CSS screen detection http://www.imamasim.com/cli/css3.htm