CSS line-height reveals the platform Tor Browser is running on

Dr. Neal Krawetz reported via HackerOne that it is possible to detect the platform a Tor Browser is running with the CSS line-height attribute: 19px is used on Linux, 19.5167px on macOS, and 19.2px or 20px on Windows.

We could think about adjusting that to 20px independent of the platform Tor Browser is running on.

added TorBrowserTeam201712R component::applications/tor browser owner::igt0 priority::medium resolution::fixed reviewer::gk severity::normal status::closed tbb-fingerprinting-os type::defect labels

FWIW: this is https://bugzilla.mozilla.org/show_bug.cgi?id=1397994 on Mozilla's side.

Trac:
Owner: tbb-team to igt0
Status: new to accepted

Many fonts have issues with their vertical metrics. they are used to influence the height of ascenders and depth of descenders. Gecko uses it to calculate the line height (font height + ascender + descender), however because of that idiosyncratic behavior across multiple operating systems, it can be used to identify the user's OS.

The solution proposed in the patch([1]) is to use a default factor to be multiplied as ascender and descender. This way all operating systems will have the same line height.

[1] https://trac.torproject.org/projects/tor/attachment/ticket/23104/0001-bug-23104-Add-a-default-line-height-compensation.2.patch

Trac:
Reviewer: N/A to gk
Cc: N/A to igt0

Trac:
Status: accepted to needs_review

Trac:
Keywords: N/A deleted, TorBrowserTeam201709R added

Trac:
0001-bug-23104-Add-a-default-line-height-compensation.2.patch

Updated patch - Revision 2

Updated patch(accidentally I submitted an old version):

https://trac.torproject.org/projects/tor/attachment/ticket/23104/0001-bug-23104-Add-a-default-line-height-compensation.2.patch

Okay, some comments. I just tested Windows and Linux builds and it seems your fix works for me. Nice! Do you have a test which let you check your patch works correctly? If not, how have you verified your patch does indeed fix the problem?

In Tor Browser (and Mozilla in Firefox) we bind our fingerprinting resistance to the privacy.resistFingerprinting preference: only when that preference is set to true all the fingerprinting patches are active. If not then the default Firefox behavior in that regard is visible. That way it is much more easier for Mozilla to upstream our patches.

Could you make sure as well that your code is only active when this preference is set to true and inactive otherwise? Bonus points for a unit test showing that your patch does indeed do what it claims it does.

Trac:
Keywords: TorBrowserTeam201709R deleted, N/A added
Status: needs_review to needs_revision

Trac:
0001-bug-23104-Add-a-default-line-height-compensation.3.patch

Revision 3

Code updated to use privacy.resistFingerprinting and I added a tbb test:

https://trac.torproject.org/projects/tor/attachment/ticket/23104/0001-bug-23104-Add-a-default-line-height-compensation.4.patch

Trac:
Status: needs_revision to needs_review

Trac:
0001-bug-23104-Add-a-default-line-height-compensation.patch

Revision 3

Trac:
0001-bug-23104-Add-a-default-line-height-compensation.4.patch

Revision 4

Trac:
Keywords: N/A deleted, TorBrowserTeam201709R added

Looks good to me and works on Linux and Windows at least. The test passes as well. I wonder, though, how future-proof the test is assuming the factor 1.2 comes from NORMAL_LINE_HEIGHT_FACTOR? Adding some folks for a second review.

Trac:
Cc: igt0 to igt0, mcs, brade, pospeselr, arthuredelstein