[tor-bugs] #18169 [Tor Browser]: Tor Browser 5.5 misses whitelisted zh-CN UI font
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 30 22:59:02 UTC 2016
#18169: Tor Browser 5.5 misses whitelisted zh-CN UI font
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  arthuredelstein
     Type:  defect                               |         Status:  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Tor Browser                          |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  tbb-fingerprinting-fonts             |  Actual Points:
            tbb-usability, TorBrowserTeam201601R |
Parent ID:  #18097                               |         Points:
  Sponsor:                                       |
-------------------------------------------------+-------------------------
Comment (by yawning):
Replying to [comment:7 jason]:
> Microsoft YaHei is 微软雅黑. In the same way, Microsoft YaHei UI should
> be 微软雅黑 UI, but I can't find the Chinese name in my system. The
> difference between the two is that (at least) numeric characters and
> punctuation marks are rendered in different styles. It won't break the
> whole TB UI like yawning mentioned.
The breaking the whole UI thing is because Firefox queries the OS for what
the default font is used to render the UI. If the *exact* font is not
available, Firefox doesn't do the right thing, and the UI is rendered
using god knows what, breaking everything.
Firefox does not know that "YaHei" is "YaHei UI" with minor changes; all
Firefox knows is the OS says to use "YaHei UI", and "YaHei UI" isn't
available.
> Some users say fonts in the new version are ugly. If that's a reasonable
> request, I suggest 微软雅黑 Light and Microsoft YaHei UI Light should be
> whitelisted.
Expanding the whitelist more than necessary increases fingerprinting risk.
YaHei and JhengHei are Vista+ and thus are not available on all platforms.
As a side note, all this messing around with the whitelist still feels
like a poor solution to something that is ideally addressed by decoupling
the font fingerprint defenses from the UI rendering.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18169#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online