On Thu, Jul 30, 2015 at 08:55:36PM -0700, Arthur D. Edelstein wrote:
> As Mike suggested, I've posted David's web app here: http://qfgbmpw3obwb3ix3.onion
> David -- is this measuring system font glyphs or only web fonts that download at the beginning? And can you suggest how to interpret the submissions file?
The web app is doing many researchy things, some of which are no longer important. In particular, you probably want http://qfgbmpw3obwb3ix3.onion/fastfp, not the default /fontfp. That one runs in under a second and is a much faster way to test whether the defense is working. You only need to use /fontfp (which tests against all of Unicode) if you want to try and find new potentially problematic code points.
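For background, the core measurement behind both pages is the rendered width and height of individual glyphs. Here is a minimal sketch of that kind of measurement; the hidden span and offsetWidth/offsetHeight approach is an assumption on my part, not necessarily what the pages actually do:

// Measure the rendered bounding box of one code point in one font style.
// This is a generic illustration of glyph-dimension fingerprinting, not
// necessarily the code that /fastfp or /fontfp run.
function measureGlyph(codePoint: number, fontFamily: string): { w: number; h: number } {
  const span = document.createElement("span");
  span.style.position = "absolute";
  span.style.visibility = "hidden";
  span.style.fontFamily = fontFamily; // assumed: one family per measurement
  span.style.fontSize = "48px";       // assumed size; the real pages may differ
  span.textContent = String.fromCodePoint(codePoint);
  document.body.appendChild(span);
  const dims = { w: span.offsetWidth, h: span.offsetHeight };
  document.body.removeChild(span);
  return dims;
}

// Example: U+03B1 GREEK SMALL LETTER ALPHA in the default sans-serif family.
console.log(measureGlyph(0x03b1, "sans-serif"));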
The fastfp page gives you three fingerprints. Only the first one matters. The other two are simulations of providing a standard-font defense; i.e., what you've already implemented.

  :2d5db8b8    using system fonts (no defense)
st:502fc3e6    simulating a defense that allows only standard fonts
un:48ac0cd4    simulating a defense with just one standard font

The only one you need to pay attention to is the ":" one, not the "st:" one or the "un:" one.
You probably don't want to be collecting submission files. They are set up to be highly anonymized and are meant for a general browser population, not Tor Browser. You're going to get a mix of people visiting the site, with and without 5.0a4, all their results mixed together with no way to differentiate them. The code in fp/submission.go partially documents the submission file format. As an example of what you can do with submission files, you can get summary statistics for individual code points:

$ ./summary/summary submissions/*
point   minw  maxw  meanw  minh  maxh  meanh   var
U+0000     0   249  16.06   368  1200  400.74  18.5226
U+0001     0     0   0.00   368  1200  400.74  16.5118

Or diff two submissions:

$ ./diff/diff --styles default submissions/1 submissions/2
U+0000  default  0×369  0×380  (+0,+11)
U+0001  default  0×369  0×380  (+0,+11)
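If you want to compute similar per-code-point statistics yourself after parsing the files (the actual format is what fp/submission.go documents), the aggregation itself is simple. A minimal sketch, assuming a parsed measurement shape that is my own invention, not the real submission format:

// One glyph measurement from one submission (assumed shape, not the real format).
interface Measurement { point: number; w: number; h: number; }

// Per-code-point summary, mirroring the columns the summary tool prints
// (variance omitted for brevity).
interface Stats {
  minw: number; maxw: number; meanw: number;
  minh: number; maxh: number; meanh: number;
  count: number;
}

// Aggregate min/max/mean width and height per code point across submissions.
function summarize(submissions: Measurement[][]): Map<number, Stats> {
  const stats = new Map<number, Stats>();
  for (const sub of submissions) {
    for (const m of sub) {
      const s = stats.get(m.point) ?? {
        minw: Infinity, maxw: -Infinity, meanw: 0,
        minh: Infinity, maxh: -Infinity, meanh: 0, count: 0,
      };
      s.minw = Math.min(s.minw, m.w);
      s.maxw = Math.max(s.maxw, m.w);
      s.minh = Math.min(s.minh, m.h);
      s.maxh = Math.max(s.maxh, m.h);
      s.meanw += m.w; // accumulate sums here; divided by count below
      s.meanh += m.h;
      s.count += 1;
      stats.set(m.point, s);
    }
  }
  for (const s of stats.values()) {
    s.meanw /= s.count;
    s.meanh /= s.count;
  }
  return stats;
}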
I think it would be better if we set up a static HTML page that would print out a complete list of glyph sizes with a checksum. tor-qa people could self-report their checksum. If we find any that don't match, we can then try and investigate why (gk and I did a lot of this during the fontfp research).

There's a code point viewer at e.g. http://qfgbmpw3obwb3ix3.onion/u/03b1. It gives the dimensions of the glyph in all font styles and shows the glyph on the screen. We resorted to this to find out why rendering differed across some systems (we opened a couple of screenshots in Gimp and subtracted them to see which pixels were different); that was some of our evidence that antialiasing settings are a cause of distinguishability.
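Going back to the static-page idea, here is a rough sketch of what such a self-reporting page could do: measure a fixed list of code points, print their dimensions, and reduce them to a short checksum that testers can paste into a report. The code point set and the use of SHA-256 via SubtleCrypto are my own choices here, not something taken from the fontfp code:

// Hypothetical self-reporting page: measure a fixed set of code points,
// print their glyph dimensions, and show a short checksum of the list.
// The code point set here is an arbitrary example.
const CODE_POINTS = [0x0041, 0x03b1, 0x4e2d, 0x1f600];

function measure(cp: number): string {
  const span = document.createElement("span");
  span.style.cssText = "position:absolute;visibility:hidden;font-size:48px";
  span.textContent = String.fromCodePoint(cp);
  document.body.appendChild(span);
  const dims = `${span.offsetWidth}x${span.offsetHeight}`;
  document.body.removeChild(span);
  return dims;
}

async function report(): Promise<void> {
  const lines = CODE_POINTS.map(cp =>
    `U+${cp.toString(16).toUpperCase().padStart(4, "0")} ${measure(cp)}`);
  // Hash the whole list and keep the first four bytes as a short checksum.
  const digest = await crypto.subtle.digest(
    "SHA-256", new TextEncoder().encode(lines.join("\n")));
  const checksum = Array.from(new Uint8Array(digest).slice(0, 4))
    .map(b => b.toString(16).padStart(2, "0")).join("");
  document.body.textContent = lines.join("\n") + "\nchecksum: " + checksum;
}

report();

Truncating the digest to a few bytes keeps the checksum short enough to eyeball, similar in spirit to the 8-hex-digit fingerprints fastfp already prints. (SubtleCrypto needs a secure context; any other stable hash would do the same job.)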