[tbb-bugs] #20842 [Applications/Tor Browser]: Proposal: Improve Tor Browser font whitelist / bundled fonts
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 19 22:46:31 UTC 2019
#20842: Proposal: Improve Tor Browser font whitelist / bundled fonts
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-usability, ux-team | Actual Points:
Parent ID: #18097 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
I don't think it's being punted for risk. I think it's being punted for a
few reasons:
1. It's not whitelisting them, it's bundling them. We have to figure out
which platforms need them, which have them (and since when) and bundle
them on the ones that don't have them.
2. We have the evaluate the file size bump in our packages from doing so.
3. We probably don't want to just quick add fonts for whoever asks the
most (no offense) but rather in some more impartial fashion that also
captures other requests and the original intent of this bug, which was to
replace fonts with ones that were better.
I'm not completely sold on #3 as a blocker though.
Aside from all that. We learned via a Canvas Fingerprinting exploration,
that the same font from different versions of the same OS renders
differently. This would be an argument to whitelist zero system fonts and
only use ones we bundle across all OSes.
(However we're not sure if the OS itself also renders the same font file
differently AFAIK....)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20842#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list