[tor-bugs] #16312 [Tor Browser]: Limit font queries by URL bar domain (was: Limit fonts to a whitelist?)

Tue Jan 19 01:53:27 UTC 2016

#16312: Limit font queries by URL bar domain
--------------------------------------+---------------------------------
 Reporter:  arthuredelstein           |          Owner:  arthuredelstein
     Type:  defect                    |         Status:  reopened
 Priority:  Medium                    |      Milestone:
Component:  Tor Browser               |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:                            |         Points:
  Sponsor:                            |
--------------------------------------+---------------------------------
Description changed by arthuredelstein:

Old description:

> Until we land #13313, we need a font limiting patch for the ESR38 version
> of Tor Browser, because it wasn't really feasible to port the patch for
> #2872. I would suggest a patch that limits font usage per url bar domain.

New description:

 In #13313, we introduced a patch to restrict the fonts allowed to be
 loaded in Tor Browser. But different versions of the same font could still
 be used to distinguish users. We could potentially limit the damage by
 introducing a second patch that restricts the number of allowed font
 requests per URL bar domain.

 Previously we had a patch for #2872 that worked something like this,
 although it wasn't tied to URL bar domain.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16312#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online