We intend to enable font visibility restrictions on Nightly in PBM that will prevent all non-system, non-langpack fonts from being used (and therefore detected) by websites. This will mitigate a large source of entropy in a user's fingerprint. Caveats below.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1826408 Specification: n/a Standards Body: n/a Platform coverage: It will apply on Windows, Mac, Ubuntu, and Fedora. It will be enabled but non-functional on Android and other Linux distros. (Meaning the pref will be ‘true’, but it won’t do anything.) Preference: A value of 3 means unrestricted font access. 2 means System and Langpack fonts, and 1 means system fonts only. layout.css.font-visibility.standard controls the behavior for all windows layout.css.font-visibility.trackingprotection controls the behavior for sites with ETP enabled layout.css.font-visibility.private controls the behavior in PBM As part of this work, we will be setting `layout.css.font-visibility.private` to 2 to restrict font visibility in Nightly private windows. DevTools: A console message will be logged upon a font being blocked. However while filing https://bugzilla.mozilla.org/show_bug.cgi?id=1826419 I noticed this may not work in all instances. Blink: I'm not aware of Blink doing anything in this space. WebKit: "font availability [in] web content [only includes] web fonts and fonts that come with the operating system, but not locally user-installed fonts. Web fonts and the common set of web-safe fonts, as well as other OS-bundled fonts, are still available." - https://webkit.org/tracking-prevention/ Tests: None. I believe that it is difficult to write tests for this feature as it requires explicit configuration of test machines with locally installed fonts. Manual testing has been performed. Breakage: This could cause breakage. Because we are not excluding langpacks right now, we think it will be minimal, but this exercise is intended to validate that assumption. We are also designing a release experiment to see how this affects various telemetry signals, such as page refreshes or ETP opt-outs. (Opting out of ETP will disable the restrictions, but this behavior is currently not easily discoverable. We are brainstorming ways to detect and correct breakage automatically or by prompting the user. Results of this prototype and release experiment will determine how important those mechanisms are and how they will be prioritized.) We'll have that telemetry in Nightly also, but it's noisy and less representative. Caveats: We determine if a font is a system or language pack font based on a hardcoded list. We have no such list for Android, nor Linux distros other than Ubuntu & Fedora. So those platforms will have no change in behavior. The lists themselves are to some extent out of date, we don't know how badly right now, but fixing them is in our task queue. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADua4_uuG6UCPqDP6Gy_b9_YcVitZgc7zXUz4%2Bfim7jZBziFuA%40mail.gmail.com.
