[tor-qa] TBB 5.0a4 is ready for testing

david at bamsoftware.com david at bamsoftware.com
Sat Aug 1 01:11:16 UTC 2015

On Thu, Jul 30, 2015 at 08:55:36PM -0700, Arthur D. Edelstein wrote:
> As Mike suggested, I've posted David's web app here:
> http://qfgbmpw3obwb3ix3.onion
> David -- is this measuring system font glyphs or only web fonts that
> download at the beginning? And can you suggest how to interpret the
> submissions file?

The web app is doing many researchy things, some of which are no longer
important. In particular, you probably want
http://qfgbmpw3obwb3ix3.onion/fastfp, not the default /fontfp. That one
runs in under a second and is a much faster way to test whether the
defense is working. You only need to use /fontfp (which tests against
all of Unicode) if you want to try and find new potentially problematic
code points.

The fastfp page gives you three fingerprints. Only the first one
matters. The other two are simulations of providing a standard-font
defense; i.e., what you've already implemented.
	:2d5db8b8 using system fonts (no defense).
	st:502fc3e6 simulating a defense that allows only standard fonts.
	un:48ac0cd4 simulating a defense with just one standard font.
The only one you need to pay attention to is the ":" one, not the "st:"
one or the "un:" one.

You probably don't want to be collecting submission files. They are set
up to be highly anonymized and to be for a general browser population,
not Tor Browser. You're going to be getting a mix of people visiting the
site, with and without 5.0a4, all their results mixed together with no
way to differentiate them. There is code that partially documents the
submission files in fp/submission.go. An example of what you can do with
submission files is get summary statistics for individual code points,
	$ ./summary/summary submissions/*
	point   minw    maxw    meanw   minh    maxh    meanh   var
	U+0000  0       249     16.06   368     1200    400.74  18.5226
	U+0001  0       0       0.00    368     1200    400.74  16.5118
Or diff two submissions:
	$ ./diff/diff --styles default submissions/1 submissions/2
	U+0000 default    0×369     0×380  (+0,+11)
	U+0001 default    0×369     0×380  (+0,+11)

I think it would be better if we set up a static HTML page that would
print out a complete list of glyph sizes with a checksum. tor-qa people
could self-report their checksum. If we find any that don't match, we
can then try and investigate why (gk and I did a lot of this during the
fontfp research). There's a code point viewer at e.g.
http://qfgbmpw3obwb3ix3.onion/u/03b1. It gives the dimensions of the
glyph in all font styles and shows the glyph on the screen. We resorted
to this to find out why rendering was different across some systems
(i.e., opened a couple of screenshots in Gimp and subtracted them to
find out what pixels were different); that was some of our evidence that
antialiasing settings are a cause of distinguishability.