Title: outerHeight protection causes value fluctuation on mobile when combined with RFP #768
Description
Description:
When using Firefox with both Canvas Blocker and Resist Fingerprinting (RFP) enabled, protecting outerHeight in Canvas Blocker causes the reported browser window size to fluctuate on mobile while scrolling. This behavior does not occur when:
Only RFP is enabled, or
outerHeight protection is disabled in Canvas Blocker.
Steps to reproduce:
-
Use Firefox on Android (RFP enabled: privacy.resistFingerprinting = true).
-
Install Canvas Blocker.
-
Enable protection for outerHeight in Canvas Blocker.
-
Scroll down so the browser UI (address bar, navigation bar) hides and shows.
-
Observe that the reported browser window height alternates between two values (e.g., 522×1034 and 522×1090).
Expected behavior: With RFP enabled, outerHeight should remain constant regardless of scrolling, matching the fixed value RFP provides.
Actual behavior: Canvas Blocker intercepts outerHeight and applies spoofing based on the real browser UI height, causing a fluctuating spoofed value that overrides RFP’s constant.
Impact: The fluctuating value may act as a fingerprinting vector since it reveals dynamic changes in the browser UI.
Additionally, it overrides RFP’s intended uniform values for all users, reducing the anonymity set.
Suggested fix:
When RFP is enabled, Canvas Blocker could detect it and avoid overriding RFP’s fixed values for metrics like outerWidth/outerHeight.
Alternatively, allow a “respect RFP for these APIs” option in the settings.
Environment:
Firefox Mobile (version 1.41.0.0)
Android 11
Canvas Blocker version 1.11
privacy.resistFingerprinting = true