Changes between Initial Version and Version 1 of Ticket #18097


Ignore:
Timestamp:
Jan 19, 2016, 6:24:19 AM (3 years ago)
Author:
arthuredelstein
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #18097 – Description

    initial v1  
    1 Defending against font fingerprinting is complex. We have to worry about distinguishing attacks via installed font enumeration, text rendering engine differences, and font variants. There are a variety of tickets involved. This ticket is to track our progress.
     1Defending against font fingerprinting is complex. We have to worry about distinguishing attacks via differing installed font sets, text rendering engine differences, and font variants. There are a variety of tickets involved. This ticket is to track our progress.
    22
    33Here's an overview of our approach:
     
    1313We might also be able to reduce the effectiveness of fingerprinting attacks on all platforms by only allowed a limited number of font queries per URL bar domain: see #16312.
    1414
    15 Our #13313 patch whitelists fonts by name, but it likely allows a font installed on the system to supersede a font bundled with the browser. So we would consider changing the patch to whitelisting by font filename or restricting allowed directories for font loading: see #16739.
     15Our #13313 patch whitelists fonts by name, so it likely allows a font installed on the system to supersede a font bundled with the browser if they have the same font name. So we would consider changing the patch to whitelisting by font filename or restricting allowed directories for font loading: see #16739.