Basically title…I’m wondering specifically if my chrome/userChrome.css
is increasing my chances of getting fingerprinted/tracked/etc. I can’t find answers on DDG or on Arkenfox’s GitHub, so I’m probably good, but what do you think?
Probably not;
userChrome.css
just modifies the local user interface of Firefox, right? I don’t think any of this information is ever transmitted to servers, nor is it available from Javascript. Custom user styles however could probably be used for fingerprinting.Related interesting article from Mozilla: Privacy and the :visited selector
Unfortunately, you can read the CSS state of an element from JS, so it can easily be used as part of a sufficiently advanced fingerprinting algorithm.
And this CSS state is the same for websites AND the browser?
Even CSS alone is sufficiently advanced to allow fingerprinting.
OP is asking about userChrome.css, which applies to the style of the browser window itself, not webpage contents. Websites can’t view the markup for the browser window itself (which, fun fact is (mostly?) just HTML too), otherwise this would all be moot and they could just look at your list of tabs or your username in the menus.
Test out your fingerprint resistance by going to fingerprint.com there are commercial service, but they will track you on their webpage. And tell you if they can match you to a previous ID. So just visit an incognito mode. Restart your browser, visit again an incognito mode. See if you get matched
The only browser that works for me against fingerprint.com is the tor browser, and mullvad browser.
Firefox+arkenfox still gets fingerprinted for me
https://coveryourtracks.eff.org/
I trust the EFF more
By all means do both. But it’s not about trust, it’s about capabilities.
Fingerprint.com has an incentive to track you, they’re demonstrating it to get sites to hire them to track you. So use them as a test to see if a commercial entity can track you. Of course cover your tracks is great, but no matter how low the score is, if the commercial fingerprint.com can track you, you’re trackable… it’s just empirical
Using the fire button in DuckDuckGo did work.
It will have no practically significant effect. Websites do not have access to browser chrome css properties. The worst it might do is change the dimensions of the viewport in a way that makes your browser fingerprint slightly more unusual, i.e. the same thing that would happen if you set the UI to “compact” mode.
No, it’s just cosmetic.
CORRECTION: It was pointed out to me that I was confusing userStyles.css with userChrome.css. I’m not aware of anyway that styling the UI outside of the DOM could be directly detectable. Theoretically, if you could resize some UI elements that would change the viewport size and therefore be detectable. I’m not informed enough on userChrome.css to make that call however. Original comment is below.
Yes. As CSS styles can be queried, any differences can be used as an identifiable data point used to form a fingerprint.
Are you talking about userContent.css? For that, it makes sense to me that it would be visible to webpages, since it applies styles to webpages.
But OP is talking about userChrome.css, which styles the Firefox UI. I would be very surprised, if that’s not isolated from webpages.
Yes! That’s exactly what is going on. My bad, I’ll edit my comment to correct my mistake.
Think what you’re talking to more applies to add-ons like dark reader. Websites can’t see what your browser visually looks like.
Maybe they can see if your userchrome js modified the height by seeing the viewport size, but that’s getting way paranoid for it to be realistically used against you
Yes you are correct. Another commenter pointed out I was getting mixed up between user styles and user chrome. Funny that we both considered how modifying user chrome could potentially impact viewport size! We both have paranoid minds :P