[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20842 [Applications/Tor Browser]: Proposal: Improve Tor Browser font whitelist / bundled fonts
#20842: Proposal: Improve Tor Browser font whitelist / bundled fonts
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-usability, ux-team | Actual Points:
Parent ID: #18097 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
I don't think it's being punted for risk. I think it's being punted for a
few reasons:
1. It's not whitelisting them, it's bundling them. We have to figure out
which platforms need them, which have them (and since when) and bundle
them on the ones that don't have them.
2. We have the evaluate the file size bump in our packages from doing so.
3. We probably don't want to just quick add fonts for whoever asks the
most (no offense) but rather in some more impartial fashion that also
captures other requests and the original intent of this bug, which was to
replace fonts with ones that were better.
I'm not completely sold on #3 as a blocker though.
Aside from all that. We learned via a Canvas Fingerprinting exploration,
that the same font from different versions of the same OS renders
differently. This would be an argument to whitelist zero system fonts and
only use ones we bundle across all OSes.
(However we're not sure if the OS itself also renders the same font file
differently AFAIK....)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20842#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs