Designing Firefox for the future
(blog.mozilla.org)
eh it looks cool and all, but why do we need a redesign every 6 months?
shouldn't they be using those man-hours to like, solve the fingerprinting problem for example?
https://arkenfox.github.io/thorin/items/02browserfingerprinting.html
you can't "solve" fingerprinting. spoofing makes you more unique. and you cannot spoof everything. looking normal helps more than trying to hide. the only real solution to it would be creating a standard to all browsers, which is what tor does, and it's why it works. same settings, same window size, same engine, etc. if you want fingerprinting resistance, use tor!
how does spoofing make you more unique? If I change my browser resolution to a more common resolution that would make me less recognizable, for example.
You can lie to the website and say your resolution is 1024x768. But what happens when the JavaScript fingerprinting checks the actual width of the view port? Your view port is most likely larger than your stated screen size.
Sounds like a limitation of the spoofing technology, and shameless spying on the websites' part. I'm not a tech expert but is there nothing that you can lie to the websites about and they can't check or verify it? For example the list of fonts?
That one in particular you potentially could, though it does raise the question of what would happen if you report you have a font you don’t, and the site tries to push content using that font.
I had an add-on at one point (or possibly a uBlock Origin setting?) to block all remote fonts and just use a local one. Might work fine if it's integrated with something like that.
because when you spoof whatever is fingerprinting you sees that you're actually providing fake data, so now you enter the list of the "hidden" instead of blending in. this is the core philosophy of tor browser, and a known fact. if you read partially the article i linked it talks about this.
I think he meant amount of human hours spent on total bs like redesign and real engine improvements, nothing more.
there you go. do that to firefox.
this would imply not being able to resize your window for example... you can't do that to a general purpose software. you need to use a tool that fits your needs. it would be the equivalent of complaining about Debian not being an amnesiac distro. Tails exists for this...
Or it would let you resize and report the same size as everyone else.
that's spoofing, spoofing makes you stand out more...
What do you mean? If all Firefox users report the same size, then you are one of many. That's the point. It makes you stand out less. Of course this works only if you are not the only one that sticks out and it's the default.
This is the philosophy of the Mullvad browser, which is basically as close as you can get to Tor for browsing the clear net. If anonymity is the goal, however, you don't want to use it to log into any accounts.
this is one thing, do you understand how limiting it would make the browser? it's not just window size, this is one example. and afaik if you spoof your window size you can break rendering of pages. again, you're compromising everyday usage. i'm not saying there isn't a way at all, maybe there is, but it's not some trivial thing, i've followed arkenfox for quite a few years and they've been saying the same. the amount of time it takes to make a redesign is nothing to making an unfingerprintable browser. if that's even a thing. and remember that you can't spoof everything.
I didn't say that? I'm just talking about the point you were making earlier about resizing the window. You said it would imply that not being able to resize our window for example, and I just provided a possible way to do exactly that. That's all. And then counter argued your follow up point it would contribute to make me stand out more, that it in fact would decrease the possibility to stand out, not increase.
I'm not arguing that it would work for every webpage without breaking it, nor did I talk about the entire fingerprintability of a browser.
Users report the same size, fingerprinters now ignore this. They do still use JavaScript to determine the actual size of the window, and likely your resolution along with it.
If the browser is programmed to report a single size, then it's impossible for JavaScript to determine the actual size. Because all JS would get is the same resolution. That's the idea of the suggestion.
That simply doesn’t work.
Okay, let’s say that the standard “what is the window size” JavaScript method is intercepted and altered, how do you handle setting an element to a specific percentage width and then determining how wide it is in pixels? Or any of the other ways I can think to accomplish this same thing?
If you intercept all of those, you effectively break any site with relative movement of elements with JavaScript.
And that’s just one example.
...and then your websites break, because you actually need to render them correctly.
...or it needs to be your actual window size, too.
If the browser size is a standard size which is often tested to work with, then i don't see it as such a big deal. Most sites are also resolution independent. We are no longer in 2010. Do you know any site that could break because you don't use a specific resolution?
I don't think you understand.
If you spoof your resolution and window size to the degree that it's undetectable you effectively have to render it in that resolution.
Guess how websites make it so that they work on any resolution? They use relative units and whatnot that make it work that way, and all that is detectable one way or another. So you'd have to spoof it all in order to resist fingerprinting - and that is either going to break the rendering, or it's going to effectively render that website at that resolution, making it a bad experience for regular users either way.
I do wish this was an option for more "normal" browsers, and that they resisted fingerprinting better in some other ways, but you have to make serious compromises to make it work fully.
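The point argued in the comments above (a spoofed screen or window size can be contradicted by what the layout engine actually does) can be checked against your own setup. The following is an added example, not part of any comment in the thread; the snapshot field names and sample values are constructed for illustration.

```javascript
// Consistency audit over values a page can read through independent paths.
// In a browser the fields would come from screen.width/height,
// window.innerWidth/innerHeight, getBoundingClientRect().width of a
// width:100% element, and window.matchMedia("(min-width: Npx)").matches.
function findInconsistencies(s, tolerancePx = 20) {
  const issues = [];
  // A viewport cannot be larger than the screen it is drawn on.
  if (s.innerWidth > s.screenWidth) issues.push("viewport wider than screen");
  if (s.innerHeight > s.screenHeight) issues.push("viewport taller than screen");
  // A width:100% element measures the real layout width; the tolerance
  // allows for a scrollbar.
  if (Math.abs(s.fullWidthElementPx - s.innerWidth) > tolerancePx) {
    issues.push("layout width disagrees with reported viewport");
  }
  // Media queries are answered by the layout engine, not by the JS getters.
  for (const [breakpoint, matched] of Object.entries(s.minWidthMatches)) {
    if (matched !== (s.innerWidth >= Number(breakpoint))) {
      issues.push(`min-width ${breakpoint}px query disagrees with viewport`);
    }
  }
  return issues;
}

// Constructed snapshots, not captured from any real browser.
const media = { 1280: true, 1920: false };
const samples = {
  // Nothing spoofed.
  honest: { screenWidth: 1920, screenHeight: 1080, innerWidth: 1600,
            innerHeight: 900, fullWidthElementPx: 1585, minWidthMatches: media },
  // Only the screen size is faked; the viewport getters still tell the truth.
  screenOnlySpoofed: { screenWidth: 1024, screenHeight: 768, innerWidth: 1600,
            innerHeight: 900, fullWidthElementPx: 1585, minWidthMatches: media },
  // Getters are faked too, but the page is still laid out at the real width.
  gettersSpoofed: { screenWidth: 1024, screenHeight: 768, innerWidth: 1000,
            innerHeight: 700, fullWidthElementPx: 1585, minWidthMatches: media },
  // The page is really rendered at the reported size, so every path agrees.
  renderedAtReportedSize: { screenWidth: 1400, screenHeight: 900, innerWidth: 1400,
            innerHeight: 900, fullWidthElementPx: 1400, minWidthMatches: media },
};

for (const [name, snapshot] of Object.entries(samples)) {
  console.log(name, findInconsistencies(snapshot));
}
```

Only the last snapshot passes while reporting a shared size, and it does so because the content really is laid out at that size, which is the trade-off the thread is arguing about.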
since you mention it, firefox has a feature where it launches with a generic predetermined window size so you blend in. even then screen resolution can only get them so far.
i'm not calling for firefox to be tor, just that everyday software must be more private too.
yes, tor uses that feature to make all users look the same, if you resize a bit your tor window that's it. you can be identified. for fingerprinting to work every browser would need to look the same. this means no extensions, no difference in window size, same settings, etc. do you think that's actually feasible for an everyday browser? really?
i know. but each point you touched can be improved upon. my point is that browsers are too transparent to third parties, and that should be one of the priorities.
Not sure I'd be okay trusting designers to solve fingerprinting.
i'd trust mozilla to pay for developers instead of yearly redesigns.