Privacy/Features/Limit CSS3 resolution: Difference between revisions

Status

{{#set:Feature name=Limit CSS3 resolution and window.screen info to render window size

|Feature stage=Draft |Feature status=` |Feature version=` |Feature health=OK |Feature status note=` }}

Team

{{#set:Feature product manager=Sid Stamm

|Feature feature manager=` |Feature lead engineer=` |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Several projects inlcuding the EFF's panoptclick and Tor (https://trac.torproject.org/projects/tor/ticket/2875) have notices that both desktop resolution can be used to fingerprint users.

There are two issues here: information leaked via Javascript and information leaked via CSS media queries.

2. Users & use cases

-Privacy Enhancing Addons such as the Tor button -web developes testing the behavior of their websites on different platforms

3. Dependencies

`

4. Requirements

-CSS properties must not reveal browser side.

Non-goals

-No need to touch Javascript related functions/attributes as these can be handled by the capabilities code.

Stage 2: Design

5. Functional specification

Add a preference to to hide css device information (disabled by default)

When this preference is enabled CSS devuce queries should return the window values instead.

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

No Need?

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Several projects inlcuding the EFF's panoptclick and Tor (https://trac.torproject.org/projects/tor/ticket/2875) have notices that both desktop resolution can be used to fingerprint users.

There are two issues here: information leaked via Javascript and information leaked via CSS media queries. |Feature users and use cases=-Privacy Enhancing Addons such as the Tor button -web developes testing the behavior of their websites on different platforms |Feature dependencies=` |Feature requirements=-CSS properties must not reveal browser side. |Feature non-goals=-No need to touch Javascript related functions/attributes as these can be handled by the capabilities code. |Feature functional spec=Add a preference to to hide css device information (disabled by default)

When this preference is enabled CSS devuce queries should return the window values instead. |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=No Need? |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}

Feature details

{{#set:Feature priority=P1

|Feature rank=999 |Feature theme=Advancing Anonymity |Feature roadmap=Privacy |Feature secondary roadmap=` |Feature list=Platform |Feature project=` |Feature engineering team=` }}

Team status notes

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}