privacy.resistFingerprinting spoofs timezone, screen size, fonts, and canvas — the uniformity defense behind Firefox and Tor Browser.
Most anti-fingerprinting tools try to hide your device by making it look different every time — a new canvas hash, a shuffled font list, a random screen size. Firefox's privacy.resistFingerprinting preference, always on in Tor Browser, does the opposite: it makes your browser report the same small set of values as every other user running the same setting. This article explains what that "uniformity" philosophy means in practice, exactly what RFP spoofs, why Tor Browser and Firefox share the same defense engine, and what it costs you in return.
Key Takeaways
privacy.resistFingerprinting(RFP) is a Firefox preference, off by default in stock Firefox but always on in Tor Browser, that normalizes fingerprintable browser surfaces.- Its design goal is uniformity, not randomization: make every RFP-enabled browser report the same values, so no individual instance stands out from the crowd.
- It spoofs timezone to UTC, rounds window/screen dimensions to fixed steps ("letterboxing"), prompts before canvas reads, restricts font enumeration, and freezes the reported OS/User-Agent.
- Tor Browser and Firefox share the same RFP code via the "Tor Uplift" project — Tor's anti-fingerprinting research shipped as a general Firefox preference.
- The trade-off is real: RFP breaks sites that rely on precise geolocation, native window sizing, or canvas-based widgets. It is a blunt, effective tool, not a drop-in replacement for normal browsing.
The Uniformity Philosophy: Blend In, Don't Stand Out
Canvas noise tools and similar extensions try to defeat fingerprinting by making each read unique — a fresh random value every time, so no stable hash can be computed. Our piece on canvas noise covers why that approach is a trap: any randomness a script can detect (by reading the same canvas twice and getting different bytes) becomes a signal of its own — "this browser is running privacy tools" is itself identifying, sometimes more identifying than the original fingerprint.
Mozilla's fingerprinting design documentation lays out the alternative directly: rather than trying to hide a unique value, RFP tries to make browsers indistinguishable from one another. If ten million Tor Browser users all report the same timezone, the same rounded window size, and the same font list, then no individual report carries any information that separates one of them from the rest. The anonymity comes from the size of the crowd, not from concealment. See Mozilla's Security/Fingerprinting wiki page for the project's own framing of this goal, and MDN's Fingerprinting glossary entry for how fingerprinting is defined as a tracking technique in the first place.
This only works if the population sharing a value is large. Uniformity among a handful of users is closer to a fingerprint than a defense — which is exactly why RFP ships as a strict, narrow spoof rather than a configurable one: options a user could tweak would fragment the crowd back into distinguishable subgroups.
What RFP Actually Spoofs
RFP touches a long list of APIs. The most consequential ones:
Timezone → UTC. Intl.DateTimeFormat().resolvedOptions().timeZone and Date.prototype.getTimezoneOffset() both report UTC regardless of your system clock. A tracker that reads timezone directly from the browser gets no location signal at all — see Timezone and Locale Leaks for how this signal is normally used to catch VPN users, and why RFP removes the leak at the source instead of trying to make the fake timezone "consistent" with a VPN's exit country.
Window and screen rounding ("letterboxing"). Instead of reporting your exact viewport, RFP rounds innerWidth/innerHeight down to the nearest step (a multiple of 200×100 pixels by default) and pads the extra space with a solid-color border. Screen resolution (screen.width, screen.height) is similarly clamped to the rounded window size rather than your monitor's real resolution. This is the single most visible RFP effect — you'll notice gray bars around the content area when the browser window doesn't land on an exact step.
Canvas read permission prompt. Rather than blocking canvas entirely or injecting noise, RFP intercepts toDataURL() / getImageData() calls with a permission prompt the first time a site tries to read canvas pixels. Most users deny it by default, which returns a blank canvas — visually identical across every RFP browser, satisfying the uniformity goal without the detectable side effects of noise injection.
Restricted font enumeration. Rather than exposing your OS's actual installed font list — one of the highest-entropy signals in a normal fingerprint — RFP limits document.fonts and CSS font-matching to a small, fixed allowlist bundled with the browser, independent of what's actually installed on the system.
Frozen User-Agent and navigator properties. navigator.platform, navigator.oscpu, navigator.hardwareConcurrency, and related fields are spoofed to a small set of generic values (e.g., a fixed CPU core count) instead of your real hardware specs, and the User-Agent string is normalized toward a handful of common variants rather than reflecting your exact OS build.
Reduced timing precision. High-resolution timers like performance.now() — and the resolution of Date.now() — are rounded to coarser intervals, closing timing-based side channels that can otherwise be used to fingerprint hardware performance or probe cache behavior.
Tor Uplift: Why Firefox and Tor Browser Share One Engine
RFP exists in stock Firefox because of the Tor Uplift project — an effort to move Tor Browser's fingerprinting defenses out of a Tor-specific fork and into Firefox itself as a standard, maintained preference. Tor Browser is built on Firefox ESR and enables privacy.resistFingerprinting by default; ordinary Firefox ships the same code but leaves it off, because the trade-offs below are considered too disruptive for general browsing.
The practical benefit of sharing the engine: fingerprinting-defense bugs get fixed once, in one codebase, and both browsers benefit. It also means anyone curious about Tor Browser's anti-fingerprinting behavior can test the exact same mechanism in regular Firefox by flipping the preference in about:config — useful for understanding the trade-offs before committing to full Tor Browser for daily browsing.
The Trade-Offs: What Breaks
Uniformity is a blunt instrument, and RFP breaks things:
- Geolocation-dependent sites (weather, local search results, timezone-aware scheduling) see UTC instead of your real timezone and behave as if you're in an arbitrary location.
- Canvas-based UI — some CAPTCHAs, drawing tools, and data-visualization widgets — either shows the permission prompt on every load or renders blank if you deny it.
- Window sizing feels imprecise. Letterboxing means the content area doesn't fill the window exactly, which some users find visually distracting, especially at unusual window sizes.
- A handful of sites misbehave when they receive a generic User-Agent or a rounded hardware-concurrency value they didn't expect, particularly older sites doing aggressive browser sniffing.
None of this is a bug — it's the direct cost of the uniformity strategy. A defense that only worked when it was invisible would, by RFP's own logic, not be much of a defense.
How to Verify RFP Is Working
If you enable privacy.resistFingerprinting in Firefox (about:config → search the preference → set to true) or switch to Tor Browser, you can check the effect directly rather than taking it on faith. Run BrowserInsight's fingerprint check before and after: with RFP active you should see your reported timezone flip to UTC, your canvas hash come back blank or trigger a permission prompt, your font list shrink to the built-in allowlist, and your window/screen dimensions land on a rounded step instead of your monitor's native resolution. Comparing the two runs is the fastest way to see uniformity in action rather than reading about it abstractly.
Frequently Asked Questions
Does resistFingerprinting make me anonymous?
No single setting makes you anonymous. RFP reduces how much your browser's own signals distinguish you from other RFP users, but your IP address, account logins, and browsing behavior are separate tracking vectors it doesn't touch. Tor Browser pairs RFP with the Tor network specifically to also anonymize your IP; using RFP alone in regular Firefox still leaves your network-level identity visible.
Should I enable privacy.resistFingerprinting in regular Firefox?
It depends on your threat model. RFP gives you a real reduction in fingerprint uniqueness, but the letterboxing, timezone spoofing, and font restrictions are noticeable in daily use and will break some sites. Most people who want part of the benefit without the friction use Firefox's default, lighter Enhanced Tracking Protection instead, and reserve full RFP or Tor Browser for higher-sensitivity browsing.
Why does Tor Browser show a small gray border around my content?
That's letterboxing. RFP rounds your window's reported dimensions to a fixed step and pads the remainder with a solid border so your actual window size doesn't leak as a unique value. It's expected behavior, not a rendering bug.
Does RFP stop canvas fingerprinting completely?
For canvas specifically, yes in effect: the default prompt-then-deny behavior returns a blank canvas that's identical across every RFP browser, which satisfies the uniformity goal. It's a different mechanism from noise-based defenses like Brave's farbling — see our canvas noise deep-dive for how the two approaches compare.


