Tor sets the following to mitigate (prevent?) fingerprinting with WebGL: > pref("webgl.min_capability_mode", true); > pref("webgl.disable-extensions", true); > pref("webgl.disable-fail-if-major-performance-caveat", true); > pref("webgl.enable-webgl2", false); We should dig into these prefs and figure out if we need to 'set' them (really we would just treat them as 'true') for Resist Fingerprinting Mode. Tor does not need us to get this into ESR60, but it is a hole in FF's RFP mode.

may be relevant: - webgl.dxgl.enabled (added in FF51, I think it is Windows specific only) - webgl.enable-debug-renderer-info - see Bug 1171228 <-- this should be a RFP setting IMO, default is true, which AFAIK can leak info such as hardware and drivers etc to websites such as youtube Maybe "disable webgl.enable-debug-renderer-info when RFP=true" should be another ticket

> webgl.dxgl.enabled This isn't relevant. > webgl.enable-debug-renderer-info IIRC this is already turned off on in tor's builds. Adding it to fingerprinting resistance makes sense. This does give users a potentially degraded experience, though. There is no free lunch here.

Instead of just turning things off, we should canonize something like: http://jdashg.github.io/misc/webgl/webgl-feature-levels.html This reduces the number of bits to 2, which is probably fine, while preserving the vast majority of abilities. Does that sound reasonable?

Sounds okay at first glance, I'm going to clear ni until we dig into this one further though.

also see Bug 1337157 - maybe close that as a duplicate of this