You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using DuckDuckGo Privacy Extension, the extension forcefully overrides the navigator.hardwareConcurrency information provided by the browser. This in turns causes many websites, services and extensions that probe this number to actually under-perform as they are going to assume there are only 2 CPU Logical Cores available instead of the actual number.
Steps to Reproduce
Have DuckDuckGo Privacy Extension enabled
Download e.g. some large files previously uploaded on https://drive.proton.me (Proton Drive employes parallelization in order to optimize download speed and decryption of e2ee files. With the extension enabled network utilization is suboptimal because only one block at a time is downloaded, instead of multiple parallel blocks.
Expected behavior:
Given how critical this number is for performance I'd expect as a user to have control whether this value is overridden by the extension or rather the real number of logical cores is exposed
Thanks for filing this. This is one of our fingerprinting protections - we fix this, and several other hardware values to the same value for all users to make it so this cannot be used for fingerprinting by trackers. Your example on proton.me seems to be a rare example of a site using navigator.hardwareConcurrency for its actual purpose, rather than fingerprinting, and our chosen value for it may be a bit low for most extension users.
I've opened duckduckgo/privacy-configuration#1679 to mitigate the issue on proton.me, and opened a task internally to discuss how to deal with valid usages of this API. If you know of other sites with issues, please let us know so we can mitigate any issues there too.
Description
When using DuckDuckGo Privacy Extension, the extension forcefully overrides the
navigator.hardwareConcurrency
information provided by the browser. This in turns causes many websites, services and extensions that probe this number to actually under-perform as they are going to assume there are only 2 CPU Logical Cores available instead of the actual number.Steps to Reproduce
Expected behavior:
Given how critical this number is for performance I'd expect as a user to have control whether this value is overridden by the extension or rather the real number of logical cores is exposed
Actual behavior:
Versions
Additional Information
The actual line enforcing this is here: https://github.com/search?q=repo%3Aduckduckgo%2Fduckduckgo-privacy-extension%20hardwareConcurrency&type=code
The text was updated successfully, but these errors were encountered: