[tor-bugs] #13313 [Tor Browser]: Enable bundled fonts in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 27 05:24:58 UTC 2015


#13313: Enable bundled fonts in Tor Browser
-------------------------+-------------------------------------------------
     Reporter:  dcf      |      Owner:  tbb-team
         Type:           |     Status:  needs_review
  enhancement            |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-fingerprinting-fonts,
  Browser                |  tbb-5.0a4, TorBrowserTeam201507R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:28 dcf]:
 > Replying to [comment:26 arthuredelstein]:
 > > Whoa, interesting result. I think, though, that it's a form of OS
 fingerprinting, similar to #13018, or am I missing something? Whereas this
 ticket attempts to solve an orthogonal problem, which is that it is
 possible to enumerate the system fonts installed on a user's machine.
 >
 > Whitelisting font files is meant to solve both: enumeration of font
 names, and differences in glyph rendering. Differences in glyph rendering
 provide much more precision than just the OS--it can vary based on what
 fonts are installed, what antialiasing settings you use, and what graphics
 card you have, for example. Glyph rendering is in scope for this ticket--
 that's the idea behind enforcing a single list of exact font files, not
 just a single list of font names. By standardizing the list of font file
 and rendering settings you should be able to bring down the variability a
 lot. See figures 4 and 5 on page 13 of
 https://bamsoftware.com/papers/fontfp.pdf.

 What I understand from those figures is that most of the entropy saved is
 in standardizing the exact font files (please correct me if I'm mistaken).
 In comment:19 we have patches that enforce a single list of fonts, and
 bundle exactly the same font files on all platforms. I think that moves us
 from the red line to the blue line. To get closer to the green line, we
 need to adjust rendering settings -- I'd suggest punting that work to
 #16672, because I think it's going to take substantial experimentation to
 optimize those settings across platforms. In the meantime I think it would
 be nice to get user feedback for the bundled fonts in the alpha if
 possible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13313#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list