Defend against advanced fingerprinting techniques

[fmarier]

These blog posts list a number of fingerprinting techniques that WhiteOps use:

• https://smitop.com/post/whiteops-data
• https://smitop.com/post/reddit-whiteops/

We should examine them to see which ones we could defend against.

[pes10k]

A brief update on this; i dont think there is much here thats actionable by us.

Most of the oddball stuff is targeting other browsers (particularly microsoft stuff).

Reddit is checking for navigator.brave though ¯_(ツ)_/¯

The other fingerprinting stuff is mostly well understood and common (fonts, floating point implementation, common extensions, etc). Maybe the one interesting one though is that they use DRM features and hardware codecs, which are not likely to be useful in most cases, but could leak useful info on some platforms.

One other thing that might be of interest is that they check for WEBGL_debug_renderer_info. We have protections in aggressive fingerprinting protections, but i don't know what we could do here w/o non-trivial webcompat risk in the default case.

In general, I'm glad for the share @fmarier but i dont think there is anything in here thats actionable thats not already covered by other issues, so im going to close. But thanks again for the share!