Open kaplun opened 11 months ago
Thanks for filing this. This is one of our fingerprinting protections - we fix this, and several other hardware values to the same value for all users to make it so this cannot be used for fingerprinting by trackers. Your example on proton.me seems to be a rare example of a site using navigator.hardwareConcurrency
for its actual purpose, rather than fingerprinting, and our chosen value for it may be a bit low for most extension users.
I've opened https://github.com/duckduckgo/privacy-configuration/pull/1679 to mitigate the issue on proton.me, and opened a task internally to discuss how to deal with valid usages of this API. If you know of other sites with issues, please let us know so we can mitigate any issues there too.
I just ran into this issue with the Zoom Video SDK for Web (link). This JS library allows websites to embed video chat into a webpage. However, it has limited functionality on machines with limited computing power. Specifically, many features including video resolution (720p/1080p) and virtual background (image/blur) are restricted based on navigator.hardwareConcurrency. There are many references navigator.hardwareConcurrency in this file for various features.
While I know that I can exclude my site in the DuckDuckGo Privacy Essentials options, this SDK could be used on many different sites, and it is not intuitive or user-friendly to have to have to exclude every site. Also, this means that the rest of the DDG PE features are turned off for these sites.
I would suggest raising the number of reported cores from 2 to 8, similar to what Safari/WebKit does (link).
Description
When using DuckDuckGo Privacy Extension, the extension forcefully overrides the
navigator.hardwareConcurrency
information provided by the browser. This in turns causes many websites, services and extensions that probe this number to actually under-perform as they are going to assume there are only 2 CPU Logical Cores available instead of the actual number.Steps to Reproduce
Expected behavior: Given how critical this number is for performance I'd expect as a user to have control whether this value is overridden by the extension or rather the real number of logical cores is exposed
Actual behavior:
Versions
Additional Information
The actual line enforcing this is here: https://github.com/search?q=repo%3Aduckduckgo%2Fduckduckgo-privacy-extension%20hardwareConcurrency&type=code