[tbb-bugs] #32483 [Applications/Tor Browser]: Pref "full-screen-api.enabled" should probably be disabled in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 13 05:01:24 UTC 2019
#32483: Pref "full-screen-api.enabled" should probably be disabled in Tor Browser
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor
| Browser
Version: | Severity: Normal
Keywords: Tor Browser, full | Actual Points:
screen |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
I've noticed in more recent TBB versions 8.5 & 9.x, when "full-screen-
api.enabled" = true, some videos instantly start in full screen. Happens
in default private browsing mode or non-private browsing. When the pref =
false, nothing changes TBBs spoofed size.
There is no warning - but I assume there could (should) be one, asking if
user wants full screen, instead of just allowing it?
Of course, most sites require at least 1st party scripts be allowed to
play any vid. Some won't show text without JS enabled.
With the concern over spoofing screen sizes, what is the thinking of this
pref being enabled. Is it that "full screen" technically isn't =
"maximized browser available screen size"? They can still tell the exact
resolution of the monitor or display, which varies a lot in phones or
notebooks / desktops.
Also - not the same problem, but if we're worried about not changing TBB's
screen size from default, the maximize and restore control button (middle)
should be grayed out.
It's too easy to hit the maximize window button when trying to minimize to
tray or close browser. That also doesn't ask before changing screen size
- only a warning after. After the horses are out of the barn.
Have a pref or setting somewhere else to re-enable the maximize window
button, for those that don't care about fingerprinting.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32483>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list