(In reply to Tom Ritter [:tjr] (On Leave) from comment #1)

Tor's patch: https://gitweb.torproject.org/tor-browser.git/patch/?id=722fd29

also see https://trac.torproject.org/projects/tor/ticket/29563 - where the tor patch (there may have been other patches since) seems to be inconsistent with at least Linux on various zoom levels (e.g as compared to say Windows). I do not know if this is a limitation, or a design decision by the patch authors

In FF69+ there is a pref layout.css.line-height.normal-as-resolved-value.enabled (see Bug 1536871) when set as true will return normal for getComputedStyle for value line-height. It is currently enabled as default true in 69. We could backport 1536871 to Tor Browser and/or enforce this with RFP (or just wait to see if it makes stable as true).

Note that the pref is only on for nightly and early beta, fwiw, since there may be compat fallout. I'll turn it on on release probably after a couple releases.

Also note that this doesn't change the layout behavior, which can be observed in other ways like getBoxQuads or such, if line-height ends up affecting the height of any box.

Since Bug 1579624 turned layout.css.line-height.normal-as-resolved-value.enabled on by default, I think this could be closed.

We will probably drop the patch from Tor Browser as well.

I don't think that matters in practice? You can observe the line-height via a bunch of other APIs that aren't getComputedStyle. But again if tor ships with the same fonts across platforms you should be getting the same normal line-height, unless I'm missing something.

(In reply to Emilio Cobos Álvarez (:emilio) from comment #9)

But again if tor ships with the same fonts across platforms you should be getting the same normal line-height, unless I'm missing something.

We allow a restricted number of fonts, but at the moment they differ from platform to platform.
We ship some fonts on all platforms to support non-latin scripts (at least on Linux and Windows).
In addition to that, on Linux we ship more fonts (like Arimo, which should have the same metrics as Arial), because there isn't a unique list of available fonts that works for all installations. So we create our own list of fonts.

I don't think that matters in practice? You can observe the line-height via a bunch of other APIs that aren't getComputedStyle.

We decided to enable platform specific navigator.userAgent (while keeping Windows on the User-Agent header), so getting the platform is as trivial as checking that string with JS enabled.
I know that some fingerprinting can be done also without JS, but I wonder whether it is possible to leverage the line-height.

That said, let me know if you think that the patch is good (I am attaching it) and you are interested in getting it in Firefox 🙂️.

(In reply to Pier Angelo Vendrame from comment #8)

We will probably drop the patch from Tor Browser as well.

(In reply to Pier Angelo Vendrame from comment #10)

We decided to enable platform specific navigator.userAgent (while keeping Windows on the User-Agent header), so getting the platform is as trivial as checking that string with JS enabled.

Given these^ notes, I think we can close this as WONTFIX (unless there's a different compelling motivation for taking this patch or one like it besides trying-to-make-it-harder-to-detect-the-user's-OS).

Given these^ notes, I think we can close this as WONTFIX

lineheight might reveal major OS (guesswork based on a dataset of default fonts and sizes and styles (language), zoom and/or layout.css.devPixelsPerPx), but it can also reveal more entropy. All those affect measurements, but we could ultimately control.

That said, we should investigate this downstream, to see what else affects this, e.g. devicePixelRatio, system scaling, GPU rendering of fonts, clearType, font versions (ignoring diffs in supported unicode code points) ...