[tor-bugs] #16672 [Tor Browser]: Text rendering allows fingerprinting
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 7 23:06:46 UTC 2015
#16672: Text rendering allows fingerprinting
-----------------------------+-------------------------------------------------
      Reporter:  arthuredelstein |      Owner:  tbb-team
          Type:  defect          |     Status:  needs_review
      Priority:  normal          |  Milestone:
     Component:  Tor Browser     |    Version:
    Resolution:                  |   Keywords:  tbb-fingerprinting-fonts, tbb-5.0,
 Actual Points:                  |              TorBrowserTeam201508R
        Points:                  |  Parent ID:
-----------------------------+-------------------------------------------------
Changes (by arthuredelstein):
* keywords: tbb-fingerprinting-fonts, tbb-5.0 => tbb-fingerprinting-fonts,
tbb-5.0, TorBrowserTeam201508R
* status: new => needs_review
Comment:
Here are some fixup patches for review:

There are two commits for tor-browser-bundle.git:
https://github.com/arthuredelstein/tor-browser-bundle/commits/16672+1

And one commit for tor-browser.git:
https://github.com/arthuredelstein/tor-browser/commits/16672+2

Builds for testing are available at:
https://people.torproject.org/~arthuredelstein/downloads/16672-builds/

After carefully examining several free fonts including Noto Sans and Noto
Serif, I decided at this stage that the best way to keep users happy is to
follow Mike's suggestion and use native Latin system fonts. For Mac I
chose (Verdana, Georgia, Courier) and for Windows (Arial, Georgia, Courier
New). These fonts are installed by default on their respective operating
systems. This approach potentially sacrifices some fingerprinting
protection, because different Windows or Mac versions may have different
versions of Arial, for example. So it will make sense to revisit this
problem and see if it is possible either to suppress any variations in
default fonts, or to find free fonts that look as good as the default
counterparts.

The font situation in Linux is much more complex. No fonts can be relied
upon in every Linux flavor. So I chose to bundle Arimo, Tinos, and Cousine
fonts (Sans, Serif, and Monospace respectively), which I think are
aesthetically better than the Noto Latin fonts. (Arimo and Tinos are
metrically identical to Arial and Times.) I also added dcf's fontconfig
patch, which makes sure no fonts are used outside the bundled font
directory, and also standardizes certain font settings, such as hinting
and aliasing.

Obviously I haven't been able to try every OS flavor -- so I'm very
interested to hear what checksums people get on various systems using
David's test: https://people.torproject.org/~dcf/fonttest.html

I also modified the prefs in Tor Browser to enforce a strict font fallback
order for every supported language. It will be interesting to see if this
patch allows David and Mortiz to get matching checksums on their two
Debian systems.

(In the pref patch, I also removed Noto Kufi Arabic in favor of Noto Naskh
Arabic.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16672#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
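
An added example, not code from this ticket or from dcf's patch: a small audit of a fontconfig file for the two properties the comment describes, that no font source lies outside the bundled font directory and that rendering settings such as hinting and antialiasing are forced. The bundle path, both sample files and the list of required settings are constructed assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET

BUNDLE_DIR = "/opt/tor-browser/fonts"        # hypothetical bundle location
REQUIRED_SETTINGS = ("antialias", "hinting")  # assumed set of forced properties

# Constructed sample: leaks system fonts and leaves hinting to the host.
SAMPLE_CONF = """<fontconfig>
  <dir>/opt/tor-browser/fonts</dir>
  <dir>/usr/share/fonts</dir>
  <include ignore_missing="yes">/etc/fonts/conf.d</include>
  <match target="font">
    <edit name="antialias" mode="assign"><bool>true</bool></edit>
  </match>
</fontconfig>"""

# Constructed sample: only the bundled directory, both settings forced.
HARDENED_CONF = """<fontconfig>
  <dir>/opt/tor-browser/fonts</dir>
  <match target="font">
    <edit name="antialias" mode="assign"><bool>true</bool></edit>
    <edit name="hinting" mode="assign"><bool>true</bool></edit>
  </match>
</fontconfig>"""


def audit_fontconfig(xml_text, bundle_dir):
    """Return (kind, detail) findings that would let host state affect rendering."""
    root = ET.fromstring(xml_text)
    bundle = posixpath.normpath(bundle_dir)
    findings = []
    for tag in ("dir", "include"):
        for el in root.iter(tag):
            path = (el.text or "").strip()
            resolved = posixpath.normpath(path)
            # Relative, ~ or prefix="..." paths resolve against the user's
            # environment, so they are treated as outside the bundle.
            inside = (posixpath.isabs(path) and el.get("prefix") is None
                      and (resolved == bundle
                           or resolved.startswith(bundle + "/")))
            if not inside:
                findings.append((tag, path))
    # Properties that some <match> block assigns unconditionally.
    forced = {e.get("name") for m in root.iter("match")
              for e in m.iter("edit") if e.get("mode") == "assign"}
    for name in REQUIRED_SETTINGS:
        if name not in forced:
            findings.append(("unset", name))
    return findings
```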