[tor-bugs] #16312 [Applications/Tor Browser]: Limit font queries per URL bar domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 9 15:30:02 UTC 2020


#16312: Limit font queries per URL bar domain
--------------------------------------+---------------------------------
 Reporter:  arthuredelstein           |          Owner:  arthuredelstein
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097                    |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------------

Comment (by Thorin):

 In a paper (I'll dig up the reference if required), it was shown that the
 most fonts used (legitimately?) by sites (using an Alexa top sites
 listing) was around `30`, with one site using close to `50`. Most were
 `10` or under. Without the reference to hand, I do not know for sure that
 they were only counting installed fonts. But where would you draw the line
 vs breakage? I assume the analysis excluded FPing scripts that have a font
 component (e.g. fingerprintjs2 starts at 60+ fonts). **It would be
 interesting if OpenWPM could return anything meaningful on installed font
 queries per site**

 I also wonder how easy this would be to bypass - I can think of a number
 of ways: i.e. I am thinking about what happens on subsequent domain pages
 in the same session, or sub-domains, etc. - do I get another free hit?
 Additionally, by using `targeted font lists`, I can still get all the
 entropy possible that I know of (e.g. within TB Windows users I only need
 five or six fonts: and you can't hide that you are the Tor Browser on
 Windows, and I will always come in under your limit).

 Limiting the installed fonts used per whatever (domain, sub-domain,
 eTLD+1?) and per session might make it harder for current FPing scripts,
 but will ultimately not hold up. The only real solution, IMO, is for all
 users to have the same identical bundled fonts (different per OS if need
 be) as this also mitigates other font FPing techniques.

 However, given that bundling all fonts for all users ~~might be~~ **is** a
 pipe-dream, this would probably be the next best measure, certainly
 upstream for Firefox RFP users .. assuming it's even feasible (ID~~K~~
 think ~~if~~ it is)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16312#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
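
The keying question raised in the comment above (domain, sub-domain, eTLD+1?), as an added sketch that is not part of the original message and is not Tor Browser or Firefox code. `FontQueryBudget`, `naiveRegistrableDomain` and `answeredAcrossHosts` are hypothetical names; the limit of 10, the hostnames and the probe list are constructed, and the two-label domain rule is an assumption standing in for a Public Suffix List lookup.

```javascript
// Added illustration, not Tor Browser or Firefox code; all names are hypothetical.
// Simplified stand-in for eTLD+1 (last two labels). A real implementation
// would consult the Public Suffix List.
function naiveRegistrableDomain(host) {
  return host.split(".").slice(-2).join(".");
}

class FontQueryBudget {
  // limit: distinct installed-font queries answered per key
  // keyFn: maps the URL bar host to the key the budget is tracked under
  constructor(limit, keyFn) {
    this.limit = limit;
    this.keyFn = keyFn;
    this.seen = new Map(); // key -> Set of font names already answered
  }

  // true: answer the query truthfully; false: budget spent, report the
  // font as unavailable.
  allow(urlBarHost, fontName) {
    const key = this.keyFn(urlBarHost);
    if (!this.seen.has(key)) this.seen.set(key, new Set());
    const fonts = this.seen.get(key);
    const name = fontName.toLowerCase();
    if (fonts.has(name)) return true; // repeat query reveals nothing new
    if (fonts.size >= this.limit) return false;
    fonts.add(name);
    return true;
  }
}

// Number of distinct fonts answered when a probe list is spread round-robin
// over several hosts.
function answeredAcrossHosts(budget, hosts, fonts) {
  let answered = 0;
  fonts.forEach((font, i) => {
    if (budget.allow(hosts[i % hosts.length], font)) answered++;
  });
  return answered;
}

// Constructed inputs: 60 probe names, three hosts under one site, limit 10.
const probeList = Array.from({ length: 60 }, (_, i) => `Font ${i}`);
const siteHosts = ["a.example.com", "b.example.com", "c.example.com"];
const hostKey = (h) => h;
console.log("per host:", answeredAcrossHosts(new FontQueryBudget(10, hostKey), siteHosts, probeList));
console.log("per site:", answeredAcrossHosts(new FontQueryBudget(10, naiveRegistrableDomain), siteHosts, probeList));
```

With a per-host key each sub-domain gets its own budget, so the limit only holds when it is tracked per site. A six-entry list is answered in full under either keying.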