Tor Browser 9.0's letterboxing alleviates these concerns somewhat. The companion blog post to this demo has more information.
This website is a proof of concept. CSS supports media
queries that allow the web designer to conditionally set styles. Usually this
is done to make a webpage "responsive." On mobile? Collapse that top menu bar
into a hamburger menu and use one column instead of two. Useful!
But this can be abused to help deanonymize you. CSS supports setting some
attributes to URLs. Combining these ideas, an adversary can force your browser
to load different resources based on your window size. This webpage
demonstrates this very obviously by loading and displaying different images
based on the width and height of your window. An adversary wouldn't have to be
so obvious. Maybe a small element with display:none; has its
background image changed based on screen width. You wouldn't be able to see
this in action unless you're watching the requests your browser is making.
I recommend you do just that: view the source of this page and its stylesheet. Open the developer console to the network tab and start resizing your window. All I have to do is watch my web server's logs to see what images are being requested. Thanks CSS!
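A way to do that stylesheet review mechanically, added here as an example and not taken from this demo's own code: the function below scans CSS text for url() loads that sit inside @media blocks keyed on width, height or aspect ratio. The sample stylesheet, its selectors and its paths are constructed for illustration.

```javascript
// Constructed sample: two size-gated loads, one harmless responsive rule,
// one print rule, and one unconditional background image.
const SAMPLE_CSS = `
body { background: url("/img/bg.png"); }
@media (min-width: 600px) and (max-width: 699px) {
  #probe { display: none; background-image: url("/w/600.png"); }
}
@media (min-height: 400px) and (max-height: 499px) {
  #probe2 { background-image: url(/h/400.png); }
}
@media (max-width: 480px) { nav { display: none; } }
@media print { .logo { background-image: url('/img/print-logo.png'); } }
`;

// Media features that vary with the size of the window or screen.
const SIZE_FEATURE = /\b(?:width|height|aspect-ratio)\b/i;

// Returns [{ condition, urls }] for every size-dependent @media block
// that makes the browser fetch at least one resource.
function findSizeGatedLoads(css) {
  const text = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop CSS comments
  const findings = [];
  const atMedia = /@media\b([^{]*)\{/gi;
  let m;
  while ((m = atMedia.exec(text)) !== null) {
    const condition = m[1].trim();
    const start = atMedia.lastIndex;
    // Walk forward to the brace that closes this @media block.
    let depth = 1, i = start;
    while (i < text.length && depth > 0) {
      if (text[i] === "{") depth++;
      else if (text[i] === "}") depth--;
      i++;
    }
    const body = text.slice(start, depth === 0 ? i - 1 : i);
    atMedia.lastIndex = i; // resume after the block; nested @media is not split out
    if (!SIZE_FEATURE.test(condition)) continue;
    const urls = [...body.matchAll(/url\(\s*(['"]?)(.*?)\1\s*\)/gi)].map(u => u[2]);
    if (urls.length > 0) findings.push({ condition, urls });
  }
  return findings;
}

console.log(JSON.stringify(findSizeGatedLoads(SAMPLE_CSS), null, 2));
```

Many narrow, adjacent width or height ranges that each point at a distinct URL are the signature to look for; a handful of breakpoints that only change layout properties is ordinary responsive design.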