[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #13313 [Tor Browser]: Enable bundled fonts in Tor Browser
#13313: Enable bundled fonts in Tor Browser
-------------------------+-------------------------------------------------
Reporter: dcf | Owner: tbb-team
Type: | Status: needs_review
enhancement | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-fingerprinting-fonts,
Browser | tbb-5.0a4, TorBrowserTeam201507R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
Replying to [comment:28 dcf]:
> Replying to [comment:26 arthuredelstein]:
> > Whoa, interesting result. I think, though, that it's a form of OS
fingerprinting, similar to #13018, or am I missing something? Whereas this
ticket attempts to solve an orthogonal problem, which is that it is
possible to enumerate the system fonts installed on a user's machine.
>
> Whitelisting font files is meant to solve both: enumeration of font
names, and differences in glyph rendering. Differences in glyph rendering
provide much more precision than just the OS--it can vary based on what
fonts are installed, what antialiasing settings you use, and what graphics
card you have, for example. Glyph rendering is in scope for this ticket--
that's the idea behind enforcing a single list of exact font files, not
just a single list of font names. By standardizing the list of font file
and rendering settings you should be able to bring down the variability a
lot. See figures 4 and 5 on page 13 of
https://bamsoftware.com/papers/fontfp.pdf.
What I understand from those figures is that most of the entropy saved is
in standardizing the exact font files (please correct me if I'm mistaken).
In comment:19 we have patches that enforce a single list of fonts, and
bundle exactly the same font files on all platforms. I think that moves us
from the red line to the blue line. To get closer to the green line, we
need to adjust rendering settings -- I'd suggest punting that work to
#16672, because I think it's going to take substantial experimentation to
optimize those settings across platforms. In the meantime I think it would
be nice to get user feedback for the bundled fonts in the alpha if
possible.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13313#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs