Opened 5 months ago

Last modified 4 months ago

#22787 new defect

Fontconfig warning: remove 'blank' configuration

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-fingerprinting-fonts
Cc: dcf
Actual Points:
Parent ID: #18097
Points:
Reviewer:
Sponsor:

Description

In the log:

Fontconfig warning: line 145: blank doesn't take any effect anymore. please remove it from your fonts.conf

Quickly skimming fontconfig's changelog one finds:

commit 46b2c62faa64250eec3981ee816e91a9a3dee857
Author: Akira TAGOH <akira@…>
Date: Wed Jun 17 16:29:08 2015 +0900

Add a warning for blank in fonts.conf

and remove the unnecessary code for parsing blanks

src/fcxml.c | 7 +++++++
1 file changed, 7 insertions(+)

Change History (4)

comment:1 Changed 4 months ago by gk

Cc: dcf added

I guess we can't remove that part of fonts.conf, though, until all distros we support have updated to a more recent fontconfig?

comment:2 Changed 4 months ago by dcf

Keywords: tbb-fingerprinting added

Here is the upstream commit (2015-06-17):

https://cgit.freedesktop.org/fontconfig/commit/?id=46b2c62faa64250eec3981ee816e91a9a3dee857

But before that (2015-02-17), they had removed <blank></blank> from the default fonts.conf and made the blanks be hardcoded in the library:

https://cgit.freedesktop.org/fontconfig/commit/?id=d6a5cc665a1d7e91332944353e92c83ad114368c
https://bugs.freedesktop.org/show_bug.cgi?id=79956

I am sure that when I set up fonts.conf for Tor Browser initially, I cargo-culted most of the config from somewhere, including the <blank> section. I don't really know what it does.

According to fonts.dtd, the <blank> section is optional, so I would guess that we can remove it without causing crashes on old versions of fontconfig.

But we may have to deal with this as a new fingerprinting vector (whether we remove the <blank> or not). If we are using the system fontconfig, and the system fontconfig has a built-in set of blanks that varies across systems (it looks like they update it with new Unicode versions), and it's possible for a web page to detect the difference, then it could be used for fingerprinting.

The set of built-in blanks isn't even under version control, because they have a makefile that fetches a list from unicode.org at build time :( So it's likely to be whatever randomly happened to be there when someone built a release.

To test, we could repurpose the fontfp code and replace the list of code points with the unicode.org list.

https://repo.eecs.berkeley.edu/git-anon/users/fifield/fontfp.git
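
An added example, not part of the ticket and not Tor Browser or fontconfig code: a Python script that lists the code points a fonts.conf declares in <blank>, produces a copy with the section removed, and diffs two blank sets to show which code points would differ between builds, the concern raised in comment:2. The sample config, the stand-in "built-in" set and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample fonts.conf (not Tor Browser's actual file).
SAMPLE_FONTS_CONF = """<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
  <dir>fonts</dir>
  <config>
    <blank>
      <int>0x0020</int>
      <int>0x00A0</int>
      <range><int>0x2000</int><int>0x2003</int></range>
    </blank>
    <rescan><int>30</int></rescan>
  </config>
</fontconfig>
"""

def blank_code_points(conf_text):
    """Return the set of code points listed in all <blank> elements."""
    points = set()
    for blank in ET.fromstring(conf_text).iter("blank"):
        for child in blank:
            if child.tag == "int":
                points.add(int(child.text.strip(), 0))
            elif child.tag == "range":  # inclusive <int>lo</int><int>hi</int>
                lo, hi = (int(i.text.strip(), 0) for i in child.findall("int"))
                points.update(range(lo, hi + 1))
    return points

def strip_blank(conf_text):
    """Return the config without <blank>; the XML prolog/DOCTYPE is not re-emitted."""
    root = ET.fromstring(conf_text)
    for parent in list(root.iter()):
        for blank in parent.findall("blank"):
            parent.remove(blank)
    return ET.tostring(root, encoding="unicode")

def differing_blanks(set_a, set_b):
    """Code points that one blank set contains and the other does not."""
    return sorted(set_a ^ set_b)

if __name__ == "__main__":
    declared = blank_code_points(SAMPLE_FONTS_CONF)
    print([hex(cp) for cp in sorted(declared)])
    # Constructed stand-in for a library's built-in list.
    builtin = {0x20, 0xA0, 0x180E}
    print([hex(cp) for cp in differing_blanks(declared, builtin)])
```
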

comment:3 Changed 4 months ago by gk

Keywords: tbb-fingerprinting-fonts added; tbb-fingerprinting removed
Severity: Minor → Normal

Interesting. Seems to be worth investigating further.

comment:4 Changed 4 months ago by gk

Parent ID: #18097