Opened 2 years ago

Closed 8 months ago

#25489 closed enhancement (duplicate)

Implement a fallback mechanism for icon fonts and SVGs used in CSS for high-security mode

Reported by: cypherpunks
Owned by: hiro
Priority: Low
Milestone:
Component: Webpages/Styleguide
Version:
Severity: Normal
Keywords:
Cc: irl, antonela
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


It should be possible to fall back to PNG assets in high security mode where icon fonts (Font Awesome and Tor icons) would not be available, and SVG graphics would also not be available.

I am not yet aware of a method of doing this reliably across all browsers; it may be worth talking to the Tor Browser people before looking at this to see if they have ideas.

Child Tickets

#29932 | defect | closed | hiro | Images are not loaded with the security slider set to "Safest"

Change History (6)

comment:1 Changed 2 years ago by cypherpunks

I am not yet aware of a method of doing this reliably across all browsers ;)

comment:3 Changed 11 months ago by torlove

Is there anything about Font Awesome itself that is unsafe for the safest mode? If not, what is stopping Tor Browser from simply embedding the font (or fonts, to be backwards compatible) into the app? Is it a licensing concern?

On a related note, Tor Browser might do well to include the 50 most popular web fonts, out of the box.

If this is a possibility, tell me and I will volunteer time to research the 50 most popular webfonts that can legally be included. There are available statistics on popular fonts. I will also seek to supply web developers with a wide variety of font styles (including extended, narrow, slab, script, calligraphic, etc.) such that any privacy-aware web developer can easily find a font from our selection to either completely fulfil their needs, or provide a good fallback.

In the interests of onboarding as many participants as possible and reducing the bandwidth on the Tor network we should provide the basics. Webfonts today are used so prevalently that we simply cannot completely ignore all font requests. Even in the safer modes.

Yes, these caches may need to be updated from time to time as more glyphs are developed, but this is not strictly necessary.

To summarise:

  • Can Font Awesome be supported by being packaged into Tor Browser itself?
  • Can we provide some support for popular webfonts in a similar manner?

comment:4 Changed 10 months ago by torlove

Serious question... Does Hiro still work on Tor and receive messages?

comment:6 Changed 8 months ago by pili

Resolution: duplicate
Status: new → closed

We think this would be a good addition to the style guide; unfortunately, we don't currently have the bandwidth to investigate this.

Moving this to gitlab for now:
