[tor-bugs] #18169 [Tor Browser]: Tor Browser 5.5 misses whitelisted zh-CN UI font

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 1 20:03:39 UTC 2016 

#18169: Tor Browser 5.5 misses whitelisted zh-CN UI font
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:
     Type:  defect                               |  arthuredelstein
 Priority:  Very High                            |         Status:  closed
Component:  Tor Browser                          |      Milestone:
 Severity:  Critical                             |        Version:
 Keywords:  tbb-fingerprinting-fonts tbb-        |     Resolution:  fixed
  usability, TorBrowserTeam201601R               |  Actual Points:
Parent ID:  #18097                               |         Points:
  Sponsor:                                       |
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 Replying to [comment:12 gk]:
 > Replying to [comment:10 arthuredelstein]:
 > > Replying to [comment:8 yawning]:
 > > > As a side note, all this messing around with the whitelist still
 feels like a poor solution to something that is ideally addressed by
 decoupling the font fingerprint defenses from the UI rendering.
 > >
 > > Agreed. I think the most feasible way to do this decoupling will be
 when electrolysis is activated, so that we can (hopefully) apply a
 whitelist only to content. Unfortunately I don't see an easy way to do
 this before then.
 >
 > Why not in this case given that almost every feature has a way to query
 whether it is currently executed in a chrome/non-chrome context?

 The font mechanism is pretty convoluted and messy, and different on each
 platform. I did find that it is possible to whitelist fonts for all
 platforms by removing any non-allowed fonts from the shared mFontFamilies
 object, but I'm not optimistic that there will be a cross-platform
 solution for allowing fonts in chrome but not in non-chrome. On the other
 hand, maybe I was too glib, and it may be worth the extra effort even if
 we need to make a lot of changes to the font code for each platform. I
 have opened a ticket here: #18205

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18169#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list