Resist fingerprinting through tab width

[realpixelcode]

Introduction

It should be well-known that trackers have been using the browser's viewport width and height to uniquely identify users across sessions for many years. (Check out Am I unique? to find out how unique your viewport dimensions are.)

That's why Tor Browser introduced letterboxing quite a while ago, which basically resizes the viewport to a “common size”, resulting in thick borders. While Firefox (and thus Zen Browser) also has letterboxing (zen.theme.content-element-separation in about:config), it's not really comfortable to use due to said thick, clutter-like borders.

The problem identified

Now, since Zen Browser puts the tabs into a vertical side-bar on the left, the viewport width is suddenly not just constrained by the screen width, but instead also by the user's preferred tab width. Nothing prevents the user from changing the tab width such that the viewport is something like 1173 px wide. Obviously, this is catastrophic in terms of privacy, since very likely no one else has that exact viewport width.

That's why Zen Browser should take measures to avoid oddly specific viewport widths without relying on user-unfriendly letterboxing.

The solution proposed

Instead of putting white borders around the viewport, Zen Browser should slightly adjust the tabs' sidebar width: Whenever the user drags the border to resize the sidebar, Zen Browser should make the border gently snap to the nearest multiple of 10 pixels. Drawing/design programs like Inkscape or Adobe Illustrator call this feature “snapping to magnets/guides”.

Of course, the snapping movement must not be jerky or jolting. Instead, it must be a smooth, ease-in-ease-out animation, so that it doesn't feel like friction.

Examples:

• User resizes the tab sidebar to 1173 px ➡️ it automatically and gently snaps to 1170 px.
• User resizes the tab sidebar to 1217 px ➡️ it automatically and gently snaps to 1220 px.
• User resizes the tab sidebar to 1004 px ➡️ it automatically and gently snaps to 1000 px.

I'm unsure what the best snapping interval should be. Perhaps, even 10 px is too small – maybe 20 px would be better? Ideally, it should be customisable in about:config. Perhaps, the interval could be increased if privacy.resistFingerprinting is enabled.

Here, you can play with different viewport sizes.