Make a list of desired fingerprinting tests

[arthuredelstein]

Also write this into the repository, in JSON format.

[Thorin-Oakenpants]

an tiny initial list

universal tests

• [x] window.screenX, window.screenY
  • [ ] ? expand gecko to include window.mozInnerScreenX, window.mozInnerScreenY
  • [ ] I would combine all four into a single test line
• [x] window.inner* matches window.outer
• [ ] canvas: known pixel tests: is it altered: toDataURL, toBlob, getImageData, isPointInPath, isPointInStroke
• [ ] timing mitigations: could do with it's own list

browser specific (meaning you mark the other browsers as a green - )

• [ ] TB: screen available matches screen
• [ ] TB inner matches screen
• [ ] TB: timezone is UTC0

---

We could list all RFP and Brave's standard/strict protections, and decide if they should be added, and how they can be tested. For example, RFP enforces prefers-color as light, so your browser would need to be set up as prefers dark in Tor Browser.

Since you know the browser being tested and the default Brave Shield protection, you could simply return protections such as audio as protected (it is randomized). I am not a fan of this approach here - but there is something to be said for leveraging known implementations to detect randomizing protections in the real world, i.e. in fingerprinting scripts

[Thorin-Oakenpants]

FYI: you can add css as well as matchMedia queries, by using JS to look up the pseudo value, but since only RFP does this and we already know it's covered, it seems a bit moot

click me for concept

I use this on TZP to detect screen spoofing and bypass it, but I use an upper and lower bound (ranges are too large when you factor in scaling and zoom etc to cover everything). If not bypassable due to range, I still know if the value is untrustworthy. But you don't have those issues to worry about, just add the values that cover your tests css - except you probably don't want to use _min_ (I use that as it shows a difference with hiDPI - i.e subpixels and rounds down for entropy) ```css @media (min-device-width:499px){#S:before{content:"";}} @media (min-device-width:500px){#S:before{content:"500";}} /* etc */ @media (min-device-width:2560px){#S:before{content:"2560";}} @media (min-device-width:2561px){#S:before{content:"";}} /* upper */ @media (min-device-height:499px){#S:after{content:"";}} /* lower */ @media (min-device-height:499px){#S:after{content:"";}} /* lower */ @media (min-device-height:500px){#S:after{content:" x 500";}} /* etc */ @media (min-device-height:2560px){#S:after{content:" x 2560";}} @media (min-device-height:2561px){#S:after{content:"";}} ``` html - `x` is my catchall, I use this to also check other css values such as colors, CSS4 items, etc ```html ``` js example ```js function getElementProp(id, prop, pseudo) { try { let item = window.getComputedStyle(document.querySelector(id), pseudo) item = item.getPropertyValue(prop) if (item == "none") {item = "x"} item = item.replace(/"/g,"") if (!isNaN(item * 1)) {item = item * 1} // numbers if (item == "") {item = "x"} // blanks return item } catch(e) { return "x" } } let w = getElementProp("#S","content",":before"), h - getElementProp("#S","content",":after"), console.log("screen as shown by css", w +" x "+ h) ```