[tor-talk] TBB font size concern for many users

Joe Btfsplk joebtfsplk at gmx.com
Fri Jan 31 20:56:42 UTC 2014 

On 1/31/2014 11:24 AM, Moritz Bartl wrote:
> On 01/31/2014 04:32 PM, Joe Btfsplk wrote:
>> Is it known that sites CAN detect selected TBB *browser* font names &
>> sizes?
> See 4.6.4 in the Tor Browser design document:
> https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
>
Thanks for the link.  I've read the design document before, but good to 
review.  I read what little browserspy.dk had about fonts.  I've also 
read most of what EFF has on Panopticlick site, about everything.  
Several times. Didn't see the topic / statement on Panopticlick's site, 
referenced in Tor's design document > fingerprinting-linkability - about 
"enumerable list in filesystem order..." :
>From 
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability 

> Fonts According to the Panopticlick study, fonts provide the most 
> linkability when they are provided as an enumerable list in filesystem 
> order, via either the Flash or Java plugins. However, it is still 
> possible to use CSS and/or Javascript to query for the *existence* of 
> specific fonts.
My question is NOT about sites querying which fonts are installed on my 
system (their "existence").
The design document talks about measures taken  to limit font info that 
sites might get (quote below).  But, either I don't understand some 
details in the document (likely), or it doesn't address my actual 
question...
Which is, _can sites can detect the actual fonts & font sizes, 
*currently used by* the browser._

If they CAN, & I *change TBB's default font NAME and / or SIZES * (in 
Options > Content), then I'd be "different" from many TBB users.
I've looked for the answer for several years.  I've never seen *that 
question* / issue discussed - anywhere.  If someone has seen it 
discussed, please point it out.

That's assuming the setting is UNchecked:  "Allow pages to use their own 
fonts."  If I allow using their own fonts, some text on some pages will 
still be very small / difficult to read.
As I determined, zooming pages with Ctrl + mouse scroll, DOES change the 
reported screen size on Panopticlick & Browserspy.dk - even in TBB.

Disregarding Flash & Java (disabled or not installed), every thing I've 
seen about sites getting font info (as I understand), discusses them 
querying which fonts are on your system  - NOT the actual fonts & font 
sizes *currently used by* the browser.

Tor DESIGN:
> Additionally, we limit both the number of font queries from CSS, as 
> well as the total number of fonts that can be used in a document with 
> a Firefox patch 
> <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch>. 
> We create two prefs, *browser.display.max_font_attempts* and 
> *browser.display.max_font_count* for this purpose. Once these limits 
> are reached, the browser behaves as if 
> *browser.display.use_document_fonts* was set. We are still working to 
> determine optimal values for these prefs. 
Again, no discussion of sites detecting TBB's currently selected fonts & 
sizes.

More information about the tor-talk mailing list