Re: [tor-talk] loading some content changes Tor Browser 9.0 to full screen

2019-11-20 Thread Joe 

On 11/19/19 2:53 PM, Matthew Finkel wrote:

Hi!

Sorry for the delay, thanks for your questions.

On Tue, Nov 5, 2019 at 9:16 AM Joe  wrote:

In TBB 9.0, should about:config "full-screen-api.enabled" be "true?"
It is =true by default, in my auto-updated TBB 9.0, in Linux Mint.

Yes.

No problem.  Thanks for the info.

I haven't yet tried to see checked what screen size is reported, e.g.,
to EFF or browserspy.dk, etc., when a site (or content on it) requests
full screen.  Of course, I had to force full screen, then reload the
sites.  I'm not sure that gives same result as a site / content causing
full screen?

**What all prefs need changing to prevent ever going full screen?

Info Matthew pasted:

"Note that requests for fullscreen inside a web app's origin are exempt
  from this restriction", and "Only grant fullscreen requests if this is called 
from inside a trusted
  event handler (i.e. inside an event handler for a *user initiated* event)"

In this context, what does "inside a web app's origin" mean?

Instances of going full screen weren't common - but were random.
As far as "grant fullscreen...for a user initiated event," yes, I
clicked on links, but not 3rd party links or showed in status bar it was
from a different domain.  That's a strange way of putting it - "user
initiated."

Without examining the page source in detail (most won't understand it)
users don't know or expect that clicking a random object on a site they
trust, might go full screen.  If I knew that ahead of time, I wouldn't
click such objects.  "User initiated" - when you ring a doorbell, you
don't expect it to spray toxic gas, though you initiated contact. I'm
not knowingly "giving consent" to anything to force full screen - it's
not the norm.

Testing TBB 9.0.1, when I force full screen (F11), then reverse it, TBB
goes back to the initial "screen size" - at least on Browserspy.dk.  It
displays blank white space / bands around the screen (NOT the same width
on L, R & bottom).  It also uses UP some of the available screen size -
with black bars on L & R of the screen.

The overall screen width detected, INCLUDING wide black bands is a
multiple of 200px, but I'm guessing an interested site could detect the
size that will display content.
After exiting full screen, the width that actually displays content is
an odd w=909 x h=900px, where 2 seconds before going full screen, the
detected size displaying content was 1000px W x 900px H.

So it's not just a matter of detecting real screen size.  It gives them
an odd value in a specific case.

If they can back calculate the vertical scrollbar width by using given
sized images, I don't see why they couldn't calculate the "usable"
screen width (screen width minus black bands).


Disabling fullscreen is not a good solution.

It might be if users were simply asked / warned *before* screen size change.
It is if you don't want random sites or content - unexpectedly - causing
full screen & on exiting full screen, the usable display area is no
longer even multiples of 200 x 100.

They warn on accidentally changing the screen by 2px, but don't prevent
or warn BEFORE a change happens.  The warning process needs to prevent
size change, until users confirm the change.
My screen size changes are all accidental or from not being warned that
some content is asking for full screen mode.



We have another ticket, where the user is prompted before fullscreen is 
allowed, for that:
https://trac.torproject.org/projects/tor/ticket/12979

That ticket's 5+ yrs old.  It's not helping.  Maybe there are much more
important issues (who runs entry / exit nodes).  I will probably disable
"full-screen-api.enabled" and others.

For now, why not add a button / setting in preferences or in... so users
can disable all screen changes (allowed by prefs), until progress is
made on ticket #12979? Users not that worried about fingerprinting can
use default settings.


"full-screen-api.allow-trusted-requests-only" - there are no generally
"trusted requests" to go full screen, if you don't want to give up more
browser info.  Maybe OK for checking function of your own website or such.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] loading some content changes Tor Browser 9.0 to full screen

2019-11-19 Thread Matthew Finkel 
Hi!

Sorry for the delay, thanks for your questions.

On Tue, Nov 5, 2019 at 9:16 AM Joe  wrote:
>
> In TBB 9.0, should about:config "full-screen-api.enabled" be "true?"
> It is =true by default, in my auto-updated TBB 9.0, in Linux Mint.

Yes.

>
> I also see similar (default value) prefs, that may / may not be involved
> here:
> full-screen-api.allow-trusted-requests-only = true
> (does that refer to "trusted requests" from sites, or something else?)
>
> full-screen-api.transition-duration.enter = 0 0 (zeros separated by a
> space)
> full-screen-api.unprefix.enabled = true

Yes.

>
> TBB 9.0 is the first version I remember that loading anything caused TBB
> to go full screen - links, images, videos [non-flash, but played using
> TBB HTML5 player].  Though apparently some things caused problems years
> ago - see old bug.
>
>   Found a several year old trac.torproject bug where some things caused
> window resizing.
> https://trac.torproject.org/projects/tor/ticket/9881
>
> > So what is your proposed patch for this bug then just doing a
> > |browser.link.open_newwindow.restriction = 0|?
>
> > Yes.
> >
> > Plus |full-screen-api.enabled = false| to fix #12609
> > [note:
> > #12609 is closed]
>
> Is that pref's default value now back to true?

It never changed. That comment is a suggestion, it was never
implemented (as far as I know).

>
> My security level is Safer and java script in NS is disabled.
> But even to load text on some sites, at least the first party scripts
> must be allowed.
>
> Maybe js being enabled plus changes in Firefox allow scripts for some
> content to force the (real) detected full screen size, when js is enabled?

Fullscreen is only available if it is initiated by a user clicking on something.

https://searchfox.org/mozilla-esr68/source/dom/base/Element.cpp#3310 says:

  // Only grant fullscreen requests if this is called from inside a trusted
  // event handler (i.e. inside an event handler for a user initiated event).
  // This stops the fullscreen from being abused similar to the popups of old,
  // and it also makes it harder for bad guys' script to go fullscreen and
  // spoof the browser chrome/window and phish logins etc.
  // Note that requests for fullscreen inside a web app's origin are exempt
  // from this restriction.

This also prevents leaking screen dimensions on a webpage unless you
explicitly click on an element that invokes full screen.

Yes, this still leaks real screen dimensions, as Mike discussed in
https://trac.torproject.org/projects/tor/ticket/12609

Disabling fullscreen is not a good solution. We have another ticket,
where the user is prompted before fullscreen is allowed, for that:
https://trac.torproject.org/projects/tor/ticket/12979

>
> But, I've not seen this problem (since TBB screen size was spoofed)
> until upgrading to TBB 9.0.
>
> For several reasons, like accidentally hitting the maximize window
> button vs. close browser button, seems like there should be a pref ? or
> setting that disables the maximize window icon.  That won't fix the
> issue of some content making TBB go full screen.

The maximize button is not the same as requesting fullscreen, in
general. With letterboxing, maximizing the browser does not (should
not) leak real screen dimensions.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] loading some content changes Tor Browser 9.0 to full screen

2019-11-05 Thread Joe 

In TBB 9.0, should about:config "full-screen-api.enabled" be "true?"
It is =true by default, in my auto-updated TBB 9.0, in Linux Mint.

I also see similar (default value) prefs, that may / may not be involved
here:
full-screen-api.allow-trusted-requests-only = true
(does that refer to "trusted requests" from sites, or something else?)

full-screen-api.transition-duration.enter = 0 0 (zeros separated by a
space)
full-screen-api.unprefix.enabled = true

TBB 9.0 is the first version I remember that loading anything caused TBB
to go full screen - links, images, videos [non-flash, but played using
TBB HTML5 player].  Though apparently some things caused problems years
ago - see old bug.

 Found a several year old trac.torproject bug where some things caused
window resizing.
https://trac.torproject.org/projects/tor/ticket/9881


So what is your proposed patch for this bug then just doing a
|browser.link.open_newwindow.restriction = 0|?



Yes.

Plus |full-screen-api.enabled = false| to fix #12609
[note:
#12609 is closed]


Is that pref's default value now back to true?

My security level is Safer and java script in NS is disabled.
But even to load text on some sites, at least the first party scripts
must be allowed.

Maybe js being enabled plus changes in Firefox allow scripts for some
content to force the (real) detected full screen size, when js is enabled?

But, I've not seen this problem (since TBB screen size was spoofed)
until upgrading to TBB 9.0.

For several reasons, like accidentally hitting the maximize window
button vs. close browser button, seems like there should be a pref ? or
setting that disables the maximize window icon.  That won't fix the
issue of some content making TBB go full screen.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk