> and until recently, the Tor browser also just leaked your window size via Javascript.
Though this was why Tor would always open in the same window size. But ya, that all fell apart if you maximized.
When did they fix “the leak” itself? Wouldn’t that require intercepting the JavaScript call in the same way that the scroll bar size issue could be fixed?
It's called "letterboxing", and rounds the window size to the nearest 200x100 px when maximized, I think. So while it does make you slightly less unique than just maximizing normally would, that anonymity set is still potentially smaller than the set that can fit everyone, namely the 1000x1000 default. There are methods of detecting screen resolution using CSS that don't require JavaScript, so blocking JavaScript doesn't necessarily protect you from this fingerprinting method.
Fascinating to realize that CSS can do that. I guess it does it by “calling” x.png 1024 times and y.png 768 times? Or running some loop to call 1024x.png and 768y.png...
Though this was why Tor would always open in the same window size. But ya, that all fell apart if you maximized.
When did they fix “the leak” itself? Wouldn’t that require intercepting the JavaScript call in the same way that the scroll bar size issue could be fixed?