Re: BUG: Tor Browser 9.0.* - font fingerprinting defenses don't work

2020-03-15 Thread Caspar Schutijser 
Hi,

On Sat, Mar 14, 2020 at 11:45:13AM -, Bronze Alibi wrote:
> This is my first time posting to this list, so if there is a better way to do
> this please tell. :)  

I think this place is fine.

> (tested on current with the provided package and nothing else installed)  
> 
> It looks like the  Font
> fingerprinting defenses from upstream don't work in the OpenBSD port.  
> 
> When checking for the fingerprint on one of the websites that do such a thing,
> it seems like the installed fonts property is not uniform with tor browser on
> other platforms, but instead unique to OpenBSD and this port. It lists some
> specific proprietary font names (including Helvetica, which I would assume we
> don't ship in base, but some free replacement) and therefore makes users of
> the OpenBSD tor browser distinct from every other tor browser user.  
> 
> This is a bug.  
> 
>   
> 
> I thank everyone involved with the port and hopefully we can send fixes
> required upstream.  

Thank you for scrutinizing this port and the clear problem statement. I
don't know yet when but I'll have a look at this and keep you posted.

Thanks,
Caspar Schutijser

BUG: Tor Browser 9.0.* - font fingerprinting defenses don't work

2020-03-14 Thread Bronze Alibi 
Hello,  

This is my first time posting to this list, so if there is a better way to do
this please tell. :)  

  

(tested on current with the provided package and nothing else installed)  

It looks like the  Font
fingerprinting defenses from upstream don't work in the OpenBSD port.  

When checking for the fingerprint on one of the websites that do such a thing,
it seems like the installed fonts property is not uniform with tor browser on
other platforms, but instead unique to OpenBSD and this port. It lists some
specific proprietary font names (including Helvetica, which I would assume we
don't ship in base, but some free replacement) and therefore makes users of
the OpenBSD tor browser distinct from every other tor browser user.  

This is a bug.  

  

I thank everyone involved with the port and hopefully we can send fixes
required upstream.