Cyber AttacksVulnerabilities

Firefox to add anti-fingerprinting technique letterboxing


Mozilla is soon to bring a new user anti-fingerprinting feature to Firefox in its latest version 67 which is scheduled for mid-May this year. The new technique known as letterboxing adds “gray spaces” to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.

There are advertising networks that check for certain browser features like window size to create user profiles and track users when they resize their browser and move across new URLs and browser tabs.

The basic idea is that during resizing operation, the letterboxing will mask the window’s real dimensions by keeping the window width and height at multiples of 200px and 100px. This will generate the same window dimensions for all users and then add a gray space at the top, bottom, left, or right of the current page.

The advertising code that looks for window resize events, reads the generic dimensions and sends the data to its server. After that the Firefox will remove the gray spaces using a smooth animation a few milliseconds later.

Letterboxing delays filling the newly-resized browser window with the actual page content to trick the advertising code into reading incorrect window dimensions.

The letterboxing technique is not a new one and it was actually developed for the Tor Browser in 2015. Mozilla is just integrating this feature in their browser.

At present, Letterboxing is available in Firefox Nightly and will be generally available for all users with the release of Firefox 67.

However, this feature is not enabled by default. The users have to visit the about:config page, enter “privacy.resistFingerprinting” in the search box, and toggle the browser’s anti-fingerprinting features to “true.”

Firefox’s letterboxing support not only work while resizing a browser window but also works when users are maximizing the browser window, or entering in fullscreen mode.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    NSA releases Ghidra open source reverse engineering toolkit

    Previous article

    Google Chrome Update Patches Zero-Day Vulnerability

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *