This option break the dark mode in firefox

Hello Everyone

this option break the dark mode in the firefox https://privacytools.io/browsers/#about_config

privacy.resistFingerprinting = true

is that a bug or there something else going here

Edit : sorry forget to mention that on firefox 82.0.3 (64-bit) not sure if that apply to older version or not

and have a nice day

privacy.resistFingerprinting;true enables/disables many features to prevent fingerprinting so it does break a lot of things and I wouldn’t be too surprised.

I wasn’t aware of dark mode breakage (which would set you apart from default and thus be an item for fingerprinting), but I don’t use it due to webapp shortcut breakage (in TheLounge) and text-to-speech disabling (Clozemaster, audio captchas potentially).

That’s weird, what about using dark mode addon then? something like Dark Reader

thanks @Mikaela for the additional info

i also disable it after discovered that as the dark mode is much easier for eyes specialy for someone who stay for long time on my laptop

thanks again and have a nice day :slight_smile:

1 Like

thanks for the advice @esmailelbob i did not try to use addon as i like to keep the addon to the minimum

thanks again and have a nice day :slight_smile:

If i’m right, this addon plays in the CSS (client side) so again i’m not sure (someone correct me) but the server does not know you changed the color in first place (but maybe they got other ways to track addon tho)


This comment supposed to make you feel more good about using the addon but i think i made you more scared :joy:

thanks @esmailelbob

if the editing of the css of the user would help i would do it my self

when i get time i will look for it and see where i found

thanks again for the extra info

not that much loool and have a nice day

Web servers can track if you change styles in your client.

For instance, if there is a Content Security Policy that allows only certain styles (e.g., CSS) and has a reporting directive, the reporting endpoint could log client-side modifications.

Discourse very likely uses the CSS media feature prefers-color-scheme for the theme switching. Enabling resistFingerprinting disables this feature in Firefox. In the end, this is client-specific behavior that could be used for tracking.

thanks @infosechandbook for the info but unfortunately not all site prefers-color-scheme

by the way i enable the resistfingerprinting and check the discourse and it still working without the need to add the numeric ui…

thanks again for the info and have a nice day

Those frickers track everything now, but if we got in real life, how much sites do you think they do this? or how i know if i looked at the logs or something (F12)

Thanks and yes it just plays with CSS

Not sure what you want to say here, but you find it in this CSS file.

As written in the Mozilla documentation, setting privacy.resistFingerprinting to True results in Firefox always loading the pages with their “light” theme. Optionally, you can go to the about:config in your Firefox and overwrite this. For instance, instead of always loading the “light” theme, Firefox would always load the “dark” theme. Keep in mind that a website must define a dark theme; otherwise, nothing will happen.

The Reporting API (the current Content Security Policy and other headers will use this in the future) is primarily built for web developers to improve their custom web applications, not for tracking parties.

To detect this potential behavior, you can do at least:

  1. Look at the HTTP response headers of the web server (e.g., use securityheader.com). Here you will see report-uri or report-to directives if the website supports reporting. Example: https://securityheaders.com/?q=scotthelme.co.uk&followRedirects=on
  2. Use Webbkoll to detect third-party endpoints. We requested that they add this. Be aware that Webbkoll only shows reporting under certain circumstances.
  3. Go to the “network” tab of your browser’s developer mode and look for “report” files (see the screenshot below):

Addons like uBlock Origin can block some of these reports. You could also block the domain that are commonly used as reporting endpoints, esp. report-uri.com and uriports.com.

In our opinion, the reporting should always be mentioned in the website’s privacy policy if a third-party endpoint is involved.

1 Like

so at least you got a way to block it!

Thanks for that info

[quote=“infosechandbook, post:13, topic:4618, full:true”]
Not sure what you want to say here, but you find it [in this CSS file](view-source:https://cdn-[/quote]

meant that not all site use prefers-color-scheme

and for settings this true privacy.resistFingerprinting true this site even without login still use the dark mode unless if the admin set that by himself

what setting should i change to make it load the dark mode as i follow your mdn link and it did not work also the site i checked has already dark mode like youtube and twitter

thanks and have a nice day

If you have set privacy.resistFingerprinting to true, prefers-color-scheme preference is overridden to light.
Alternately, users can create the numeric preference ui.systemUsesDarkTheme to override the default behavior and return light (value: 0), dark (value: 1), or no-preference (value: 2). (Any other value causes Firefox to return light.)

→ ui.systemUsesDarkTheme: 1


Exactly, the Media Queries Level 5 specifies this feature, but it is still a draft. According to the MDN page, Firefox for Android and Internet Explorer don’t support this CSS feature.

Of course, there are other options for a website to provide a dark theme (e.g. with JavaScript or the server stores your theme choice).

that what i did

i missed that part so i think most of the site use other way than the prefers-color-scheme

thanks again and have a nice day

CSP reporting can be blocked with uBlock Origin. There’s an option for it in the settings.
You can read more here

From JS you can check attributes and styles of HTML tags, so they could check if the styling diverges from what it should be like

1 Like