Open BananaMangoFestival opened 8 years ago
Okay I found out how to fake this, in about:config, limit "dom.workers.maxPerDomain" to the number that you want (0 = no threads and Tor's option also) and restart Firefox.
I let this issue open so you can, if you want, adding this option into the next release.
@BananaMangoFestival
Changing the value to 0 would make users stand out because almost nobody has the CPU core numbers set to 0 (except Tor users). Perhaps an option to spoof the CPU core values using a common range would be better?
I also don't think the collection of CPU core numbers is as uniquely identifiable in comparison to other methods of tracking - such as canvas fingerprinting, which is basically 98% uniquely identifiable.
I don't necessarily recommend 0 because of it, the common range is IMO around 2 or 4.
Indeed, this is not really an uniquely identifiable but in my case, I possess many more cores than common range which is very unusual, so I'd rather not reveal my actual cores number.
I'm thinking a drop down box in the options panel with maybe the following values to choose from "2, 4, 6, 8, random".
However, any changes to dom.workers.maxPerDomain
in about:config requires the browser to restart, so I'm assuming a prompt/button "restart now" would be needed.
@dillbyrne what do you think?
This thing has been integrated only since the 48 version of Firefox, I tested with the 47 version and it displays no threads, like Tor. (there is no line "Hardware Concurrency" in browserleaks while there is one in the 48)
So if you're using a useragent that displays a version prior to 48, you should logically put 0.
This thing has been integrated only since the 48 version of Firefox
The value of dom.workers.maxPerDomain in FF-ESR 45.3.0 is 20.
So it means that Mozilla has implemented another option in version 48 that makes guessing to these sites that we support this option.
I don't know if this option is customizable in about:config but I think changing dom.workers.maxPerDomain
will be more interesting when earlier versions to 48 will be uncommon.
Does anyone know whether changing dom.workers.maxPerDomain
also changes how Firefox utilizes the CPU to process the page? In other words, if I set it to a low number, will pages and animations take longer to render because FF will use fewer CPU resources?
@RoxKilly There must be some performance benefit involved if the developers decided to return the number of logical processors available to run threads on the user's computer. I tried inspecting via "Shift F5" although I haven't noticed any difference myself. The difference in speed may be small enough to go unnoticed.
Quote from Mozilla:
The browser may, however, choose to report a lower number of logical cores in order to represent more accurately the number of Workers that can run at once, so don't treat this as an absolute measurement of the number of cores in the user's system.
HI all. Changing this would have some hit to performance I'm sure, whether it would be noticeable or not is another thing.
I don't really think there is much point in adding it if it requires the user to restart FF each time the preference is changed. In that case the user can simply change the pref themselves in about:config. The options in RAS provide a quick way to change prefs, having to restart negates that.
There may be a way to spoof it via script injection.
@Wannabe-Programmer that's good information; seems like it should be on its own thread though. May not b a good idea to conflate multiple issues on the same thread.
As per this Firefox bug, the default setting for dom.workers.maxPerDomain
is now set @ 50
. But when I fire up Firefox Nightly, I see it is set to 512
. Either way, OP's links still show the real # of CPU cores in this machine.
I have added an option via script injection on my branch so we don't need to worry about restarting the browser. I'll submit a PR soon after my other PR is merged 😆
Javascript reveals your CPU cores number (even with a CPU override option) as we can see here :
So I apply for an option to hide or fake this (maybe is there already an option directly in about:config?)