Locked sticky issue for tracking privacy.resistFingerprinting

• Tor Uplift
• MVP Tracking
• Bugzilla META RFP ticket
• Tor Uplift Dependency Tree
• Mozilla Support: Firefox's protection against fingerprinting

Last updated: see changelog at foot (regularly cleaned out)

RESOLVED & ADDED TO USER.JS ^{if applicable}

🔻 FF41

• 418986 enable privacy.resistFingerprinting (limit window.screen & CSS media etc)
  // user_pref("privacy.resistFingerprinting", true);

🔻 FF50

• 1281949 spoof screen orientation
• 1281963 hide the contents of navigator.plugins and navigator.mimeTypes
  • FF53: 1324044 fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray

🔻 FF55

• 1330890 spoof timezone as UTC 0
  • FF58: 818634 deprecates Date.toLocaleFormat
  • FF60: 1409973 fixes Date.toLocaleDateString and Intl.DateTimeFormat
• 1330882 new window sizes to round to hundreds & override prefs
  // user_pref("privacy.window.maxInnerWidth", 1600);
  // user_pref("privacy.window.maxInnerHeight", 900);
• 1360039 spoof navigator.hardwareConcurrency as 2
• 1217238 reduce precision of time exposed by javascript

🔻 FF56

• 1369303 spoof/disable performance API
• 1333651 & 1383495 & 1396468 spoof navigator API
  • FF57: 1393283 spoof as ESR instead of 10s
  • FF59: 1415488 UA leaks over HTTP CONNECT method - fixed as a result of 1419771
  • FF59: 1404608 do not lie about OS (limit to Windows, OSX, Android, or Linux)
  • FF59: 1418672 due to ESR being out of whack and Aurora/Nightly sometimes being ahead of ESR releases, the value is now temporally hardcoded to 52
  • FF60: 1418162 ESR algorithm fixed for 60+7's
  • FF63: 1472618 navigator.platform returns "Win32" (but JS UA still shows 64bit)
  • FF66: 1509829 upstream Tor 26146 reduce UA HTTP headers to two OSes (Windows, Android)
  • FF67: 1511763 ESR cadence fixed to 60+8's
  • FF68: 1511434 UA Spoof -> Windows 10, OS 10.14, Android 8.1
  • FF78: 1599188 version algorithm hardcoded in 78+ to cadence 13
  • FF78: 1635011 UA Spoof -> OS 10.15, Android 9.0
• 1369319 disable device sensors
• 1369357 disable site specific zoom
• 1337161 hide gamepads from content
• 1372072 spoof network information API as "unknown"
• 1372069 block geolocation requests
  • FF63: 1441295 reverted: RFP no longer blocks geo
• 1333641 disable WebSpeech API

🔻 FF57

• 1369309 spoof media statistics
• 1382499 reduce screen co-ordinate fingerprinting in Touch API
• 1217290 enable fingerprinting resistance for WebGL
  • FF58: 1409677 WebGL issues
• 1382545 reduce fingerprinting in Animation API
• 1354633 limit MediaError.message to a whitelist
• 1382533 enable fingerprinting resistance for Presentation API
• 1384330 disable mozAddonManager Web API
  // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);

🔻 FF58

• 967895 prompt (site permission) before allowing canvas data extraction
  • FF59: 1413780 when RFP=true include canvas in site permissions panel
  • FF59: 1376865 reduce canvas prompt fatigue by only prompting when user initiated (controlled by a temp pref privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts )
  • FF61: 1412961 RFP breaks extensions using canvas eg Screenshots:

  • until then, you can open about:debugging>Add-ons, click the extension's manifest.url and on that page, right click >View Page Info>Permissions and set a canvas exception

  • FF62: 1453916 Fixes more extension + canvas issues
• 1397611 extensions can control privacy.resistFingerprinting
• 1424341 FYI ONLY: Timing: not added to user.js: RFP timing & timer precision
  // privacy.reduceTimerPrecision
  // privacy.resistFingerprinting.reduceTimerPrecision.microseconds

🔻 FF59

• 1372073 spoof/block fingerprinting in MediaDevices API
• 1039069 warn when language prefs are set to non en-US
  • privacy.spoof_english (pref is used internally AFAICT, we should not meddle with it)
  • at this stage the pref has not been added to the user.js, but the bugzilla has
• 1222285 spoof keyboard events and suppress keyboard modifier events
  • FF59.0.2: 1433592 don't spoof/suppress CTRL key
  • FF60: 1438795 fixes keydown/keyup events
  • Test: https://w3c.github.io/uievents/tools/key-event-viewer.html

🔻 FF60

• 1337157 disable WebGL debug renderer info (see 2011)
• 1425462 FYI ONLY: Timing: not added to user.js: RFP timing precision jitter
  // privacy.resistFingerprinting.reduceTimerPrecision.jitter

🔻 FF62

• 1459089 [Firefox for Android] HTTP Accept-Language header no longer leaks OS locale

🔻 FF63

• 1479239 return no-preference with prefers-reduced-motion

🔻 FF64

• 1363508 spoof/suppress Pointer Events

🔻 FF65

• 1492766 pointerEvent.pointerid

🔻 FF67

• 1485266 enforce ui.use_standins_for_native_colors=true (2618)
• 1407366 RFP letterboxing
  // user_pref("privacy.resistFingerprinting.letterboxing", true);
  // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", "");
  • FF68: 1548634 stepped ranges
• 1485264 FYI: remove dom.event.highrestimestamp.enabled
• 1494034 enforce light with prefers-color-scheme - see MDN for this standard added in FF67

🔻 FF68

• 1492587 possible date picker locale leak fix

🔻 FF70

• 1564422 spoof audioContext outputLatency per OS

🔻 FF72

• 1595823 spoof audioContext sampleRate

🔻 FF74

• 1607316 spoof pointer as coarse and hover as none on android

🔻 FF78

• 1621433 randomize canvas
  • note: as of writing, isPointInPath and isPointInStroke still use the white-canvas

🔻 FF80

• 1653987 font visibility is restricted to BaseFonts (non Android)
  • click here
  • the lists are hardcoded lists with two parts kBaseFonts and kLangPackFonts
  • note: this is the same as setting layout.css.font-visibility.level = 1

🔻 FF82

• 1461454 spoof smooth=true and powerEfficient=false for Supported Media in MediaCapabilities

CHANGELOG

2020

• May 6: cleaned out changelog
• May 6: 1635011 (rfp os spoof changes) → FF78+ (under FF56 section)
• May 15: added entries for FF74 and FF78
• Jul 29: 1653987 (font visibility) → FF80+
• Nov 11: 1461454 (mediaCapabilities) → FF82+
• Dec 26: removed followups, pending, and invalid/wontfix sections since I'm not maintaining them and they're out of date

...