On 1/31/2014 11:24 AM, Moritz Bartl wrote:
> On 01/31/2014 04:32 PM, Joe Btfsplk wrote:
>> Is it known that sites CAN detect selected TBB *browser* font names & sizes?
>
> See 4.6.4 in the Tor Browser design document: https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

Thanks for the link. I've read the design document before, but good to review. I read what little browserspy.dk had about fonts. I've also read most of what EFF has on Panopticlick site, about everything. Several times. Didn't see the topic / statement on Panopticlick's site, referenced in Tor's design document > fingerprinting-linkability - about "enumerable list in filesystem order...":

From https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
> Fonts
>
> According to the Panopticlick study, fonts provide the most linkability when they are provided as an enumerable list in filesystem order, via either the Flash or Java plugins. However, it is still possible to use CSS and/or Javascript to query for the *existence* of specific fonts.

My question is NOT about sites querying which fonts are installed on my system (their "existence"). The design document talks about measures taken to limit font info that sites might get (quote below). But, either I don't understand some details in the document (likely), or it doesn't address my actual question... Which is, _can sites detect the actual fonts & font sizes, *currently used by* the browser._

If they CAN, & I *change TBB's default font NAME and / or SIZES* (in Options > Content), then I'd be "different" from many TBB users. I've looked for the answer for several years. I've never seen *that question* / issue discussed - anywhere. If someone has seen it discussed, please point it out.
That's assuming the setting is UNchecked: "Allow pages to use their own fonts." If I allow using their own fonts, some text on some pages will still be very small / difficult to read. As I determined, zooming pages with Ctrl + mouse scroll, DOES change the reported screen size on Panopticlick & Browserspy.dk - even in TBB.
Disregarding Flash & Java (disabled or not installed), everything I've seen about sites getting font info (as I understand), discusses them querying which fonts are on your system - NOT the actual fonts & font sizes *currently used by* the browser.
Tor DESIGN:
> Additionally, we limit both the number of font queries from CSS, as well as the total number of fonts that can be used in a document with a Firefox patch <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch>. We create two prefs, *browser.display.max_font_attempts* and *browser.display.max_font_count* for this purpose. Once these limits are reached, the browser behaves as if *browser.display.use_document_fonts* was set. We are still working to determine optimal values for these prefs.

Again, no discussion of sites detecting TBB's currently selected fonts & sizes.