Browser fingerprinting

Browser fingerprinting is the systematic collection of information about the web browser to make educated guesses about its identity or characteristics. Each browser's settings and features create what is called as the "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user which can be tracked across the internet. For more in-depth information on browser fingerprinting refer to these articles on the Tor Blog.

What makes browser fingerprinting a threat to online privacy?

First, there is no need to ask for permissions from the user to collect this information. Any script running in the browser can silently build a fingerprint of the device without users even knowing about it. Second, if one attribute of the browser fingerprint is unique or if the combination of several attributes is unique, the device can be identified and tracked online. In that case, no need for a cookie with an ID in it, the fingerprint is enough.

Tor Browser + Anti-fingerpriting

Tor Browser is specifically engineered to have a identical fingerprint across its users. No matter what device or operating system the user is on, the browser fingerprint should be the same as any device running Tor Browser. This means each Tor Browser user looks like many other Tor Browser users, making it difficult to track any individual user.

Anti-fingerprinting features in Tor Browser

Letterboxing

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.

letterboxing