Whitelisting Specific CSS Media Queries

While I understand it reduces anonymity, I strongly prefer having websites respond to the “prefers-color-scheme” CSS media query. Unfortunately, this query is forced to return “light” while privacy.resistFingerprinting is enabled.

I find it bizarre that this setting is so monolithic: if I disable it, Tor Browser starts doing things as stupid as reporting my actual time zone to every website. All I want to do is allow that specific media query to work: I don’t want to turn off every bit of privacy preservation!

I’ve looked at the section of the code responsible for this: I think it would be trivial to add a hidden setting consisting of a list of CSS Media Queries that are whitelisted while resistFingerprinting is on: there’s already a similar setting for whitelisting domains, in fact. Would there be any interest in accepting such an addition?

I believe it is important for Tor Browser to be as private as possible while maintaining a desired amount of usability: allowing more granular controls is an important part of that balance.

I have settled on using an extension that allows me to quickly disable resistFingerprinting while I want dark mode. I consider this incredibly dumb.


If I wanted to submit a pull request that implemented a setting for this, would I submit it to Firefox or Tor Browser? This is extremely easy to fix, especially given the existing precedent, but I’m not sure how to contribute.

Don’t do that. RFP is a global switch, not a per site one - so all open tabs will be leaking as soon as you pref flip, and some fingerprinting metrics may require a reload (or restart?) - for example a service worker isn’t atomic (not that Tor Browser which starts in private mode has service workers).

RFP will never take an approach of allowing certain metrics to be flipped on/off globally - that damages the fingerprint and puts the crowd at risk - and you would be highly identifiable, maybe unique (TB’s various fingerprints are already highly crafted and stick out). It is an all in buy in. Instead it carves out site exceptions - currently only for the one metric: canvas (temporary or permanent: permanent doesn’t work on Tor Browser because site exceptions are never written to disk).

However, granularity is being added to disable RFP on a principal and site basis. That is being worked on upstream, but that is not to say that Tor Browser will entertain it (in fact I think they will lock the settings, but who knows). It’s not just a simple case of carving out a metric protection exception, it is plumbing all the RFP checks to receive the right information on what the principals and site are - and it also involves timezone, which needs to be replaced (the current method is a bit hacky).

prefers-color-scheme is not even universal, it is arbitrary (the website may or may not support it). Learn to live with it.
