Do we have any telemetry (like use counters) to measure when a site uses
a non-system or non-langpack font? Do we know of any sites that use
non-system or non-langpack fonts? I imagine a common case (besides
fingerprinting) would be sites using Helvetica, not realizing it's not a
default Windows font.
I've been dogfooding the various incarnations of these font visibility
prefs ("layout.css.font-visibility.level",
"layout.css.font-visibility.standard", "layout.css.font-visibility", and
"privacy.fingerprintingProtection") to only show base system fonts on
Windows since 2020 (bug 1634677) and haven't noticed any obvious site
breakage. (Caveat: I've only tested English language sites.)
On 8/30/2023 3:03 AM, Tim Huang wrote:
Yes, the font visibility restriction will apply to people who don't
have `privacy.fingerprintingProtection` flipped. However, the behavior
only affects private browsing windows. It won't apply to the normal
browsing windows.
We have tested the top tier sites and top designer sites. So far, we
haven't found any font-related issues on those sites. So, we believe
the protection won't affect the browsing experience of daily usage to
average users.
On Tue, Aug 29, 2023 at 7:53 PM Gijs Kruitbosch
<[email protected]> wrote:
Does this apply even for people who have not flipped
`privacy.fingerprintingProtection`? And do we have a sense of how
many websites would be affected in terms of actually displaying
differently as a result?
~ Gijs
On 28/08/2023 10:06, Tim Huang wrote:
We intend to enable font visibility restrictions in private
browsing windows from Fx118. To reduce entropy exposed by fonts,
we restrict the visibility of fonts to websites. The protection
prevents websites from accessing all non-system and non-langpack
fonts.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1849903
Standard: n/a
Platform coverage:
It apply on all desktop platforms, including Windows, Mac, and
Linux. We won't cover Android momentarily, but we are working on it.
Preference:
The font visibility restrictions in PBM is behind the pref
"privacy.fingerprintingProtection.pbmode". We will set this pref
to true to enable this protection in private browsing windows.
For normal windows, there is another pref called
"privacy.fingerprintingProtection" to control the behavior.
This feature was previously discussed in this "Intent to
prototype" thread:
https://groups.google.com/a/mozilla.org/g/dev-platform/c/tKOOrYXDoHA/m/X4mj4nc-AgAJ
More information can be found there.
--
Tim Huang
Mozilla
email:[email protected]
--
You received this message because you are subscribed to the
Google Groups "[email protected]"
<mailto:[email protected]> group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7ML8wJ8RiokqTYKZNNFGYk9t7jwUv0EqTqco%3Dn6KOvDonA%40mail.gmail.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7ML8wJ8RiokqTYKZNNFGYk9t7jwUv0EqTqco%3Dn6KOvDonA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7MLOq6CSuyZcBnDnZ4TDOq1Eveo-Y88HYV0A08JE4MZr-A%40mail.gmail.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7MLOq6CSuyZcBnDnZ4TDOq1Eveo-Y88HYV0A08JE4MZr-A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/1373e0e5-770f-40ab-b1b4-1fa29e9f8e2e%40mozilla.com.
