privacy.resistFingerprinting forces prefers-color-scheme to choose light
Categories
(Core :: Security, enhancement)
People
(Reporter: newpavlov, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
Enable fingerprint resistance by setting privacy.resistFingerprinting to true, enable dark theme by setting ui.systemUsesDarkTheme to 1 or toggle dark mode simulation in the inspector. Visit a page which uses @media (prefers-color-scheme: dark) { .. } (e.g. https://devtools-color-simulation-external-svg.glitch.me).
Actual results:
Firefox renders such pages and SVG images in them according to default styles or rules described in @media (prefers-color-scheme: light) { .. }.
Expected results:
The pages should be rendered using the "dark" rules.
It's understandable that this behavior can be viewed as a proper feature, not a bug. A good compromise would be to have an option to disable this behavior using an additional option, something like privacy.resistFingerprinting.forceLightThemeRendering.
Comment 1•4 years ago
The Bugbug bot thinks this bug should belong to the 'DevTools::Inspector' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Comment 2•4 years ago
This is doing exactly what it is meant to do. It might not seem like much (binary), but they all add up, and it's not evenly spread: light is the default, dark users would be a smaller subset. But that's not really the point. The point is, that RFP is an all-in or nothing in order to be effective. When you start allowing users to toggle various parts of it on and off (there have already been multiple requests for ignoring prefers-color-scheme see Bug 1535189, timezone spoofing see Bug 1364261, and other protections, pretty sure there is one for timing mitigations as well), then the whole concept falls apart. Usability, compat and accessibility are powerful reasons, but giving end users, who are not expected to know better, the means to break parts of it and most likely still think they're somewhat protected, is not a good move.
The real answer is to allow site exceptions (where it is obvious to the end user that the protection is being disabled for that site: no ambiguity): e.g. if you're already logged into google docs, I don't see much harm: especially given that most other sites probably wouldn't have an exception - and that is Bug 1450398 (somewhat, thanks :evilpipe) but more like Bug 1635603 which (I think still) needs Bug 1642679.
:tjr close as WONTFIX?
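The anonymity-set argument in Comment 2, worked through as an added example that is not part of the bug thread or of Firefox code: it treats RFP users as one crowd and shows how each independent opt-out pref splits that crowd into smaller buckets. The population size, adoption rates and pref names below are constructed assumptions.

```javascript
// Added illustration. Population size, adoption rates and pref names are
// constructed assumptions, not measurements and not real Firefox prefs.
// Model: all RFP users look identical unless they flip an opt-out pref;
// each opt-out is adopted independently by a fixed fraction of users.

function bucketStats(population, overrides) {
  const names = Object.keys(overrides);
  const buckets = [];
  // Enumerate every on/off combination of the opt-out prefs.
  for (let mask = 0; mask < (1 << names.length); mask++) {
    let share = 1;
    const enabled = [];
    names.forEach((name, i) => {
      const on = (mask >> i) & 1;
      share *= on ? overrides[name] : 1 - overrides[name];
      if (on) enabled.push(name);
    });
    buckets.push({
      enabled,
      share,                                // fraction of RFP users in this bucket
      expectedUsers: population * share,    // size of the crowd you hide in
      surprisalBits: Math.log2(1 / share),  // bits revealed by being in it
    });
  }
  return buckets.sort((a, b) => b.share - a.share);
}

// Shannon entropy: average bits a site learns from the opt-out combination.
function entropyBits(buckets) {
  return buckets.reduce(
    (h, b) => h + (b.share > 0 ? b.share * b.surprisalBits : 0), 0);
}

// Constructed sample: 100,000 RFP users, three hypothetical opt-outs.
const sample = bucketStats(100000, {
  darkColorScheme: 0.10,
  realTimezone: 0.05,
  preciseTimers: 0.02,
});
for (const b of sample) {
  console.log(
    (b.enabled.join("+") || "(pure RFP)").padEnd(45),
    Math.round(b.expectedUsers).toString().padStart(7), "users",
    b.surprisalBits.toFixed(2), "bits");
}
console.log("average leak:", entropyBits(sample).toFixed(3), "bits");
```

Under these assumed rates, a user who flips all three opt-outs lands in a bucket of about 10 users out of 100,000, while a user who changes nothing stays in the largest one.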
Comment 3•4 years ago
Yes; at the moment Tor doesn't intend to allow users to override light/dark mode for RFP. If Tor wants to provide an option (either via a hidden pref or an exposed preference) then we will assist them in doing so.