Closed Bug 1653987 Opened 5 years ago Closed 5 years ago

Restrict CSS font visibility to standard fonts only when privacy.resistFingerprinting is true

Categories

(Core :: Layout: Text and Fonts, enhancement)


RESOLVED FIXED
mozilla80
Tracking Status
firefox80 --- fixed

People

(Reporter: jfkthame, Assigned: jfkthame, NeedInfo)


The layout.css.font-visibility.level pref is designed to control whether user-installed fonts are visible to CSS; but if the resistFingerprinting pref is set, it should probably take precedence such that we always use the most restrictive visibility setting.

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Pushed by jkew@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/26199c7a6bbe When privacy.resistFingerprinting is true, override font-visibility setting to allow Base fonts only. r=jwatt
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80

How about another pref to control this behavior?

There are some of us who would like to continue using both resistFingerprinting and user-installed fonts, in addition to not allowing web pages to use their own fonts, so in that respect an approach that would only hide the user-installed fonts from web pages might have been better, IMHO.

Flags: needinfo?(jfkthame)

(In reply to Diego Casorran [:diegocr] from comment #4)

How about another pref to control this behavior?

You have two choices

  • Font visibility auto-allows "bundled" fonts (such as Twemoji). Add fonts to your install-path\fonts (e.g. in Windows it would typically be C:\Program Files\Mozilla Firefox\fonts)
  • In FF81+ the hidden pref font.system.whitelist overrides font visibility, so set that with the comma-delimited values of kBaseFonts [1] and add anything else you want.

[1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc

Thanks Simon, I am on Firefox 80, upgraded yesterday from 79

I have tried your first hint, but unfortunately it is not working.

I did as suggested: I can see TwemojiMozilla.ttf at that location, and I put them together with it, but the newly added TTF fonts there are apparently not seen by the browser, as they don't appear in the options' drop-down(s).

I have also tried to manually add them to font.name-list.serif.x-western to check whether they do show up then, but to no avail.

My layout.css.font-visibility.level pref is set to 3, as I think it must be.

Flags: needinfo?(simon.mainey)

I don't know if the UI options update to reflect bundled fonts, but manually setting them in about:config should work. TBH, I haven't tried this (my first suggestion) except I expect it to work (Tor Browser have been bundling fonts for years and using them for defaults on some locales), otherwise the Emoji font wouldn't work for RFP users in FF80+ (and that would be a bug). If RFP is enabled, then the font vis pref is ignored (RFP assumes it is 1), so that shouldn't make any difference. Silly question, but I assume you did a Firefox restart?

Flags: needinfo?(simon.mainey)

Well, I may have been mistakenly assuming they would show up in the UI as they do when I switch off resistFingerprinting, but in any case I still have user_pref("font.name.serif.x-western", "diegocr"); etc. in prefs.js, as used in previous Firefox versions, and haven't changed that yet.

And yes, I did restart Firefox, even the computer :)

Alright, let's see if someone else can bring some light here, thanks for your help Simon anyway, much appreciated.

Use the right name, e.g. the filename (TwemojiMozilla = wrong, plantc = wrong) vs the name/font-title (Twemoji Mozilla = correct, Plantagenet Cherokee = correct). diegocr looks like a filename, but of course it's your actual custom font, so I can't tell.

It's both the filename and the font-title, so no chance for mistake in that aspect :)

What type of font is it? What exactly is the full file name (including extension)?

Flags: needinfo?(jfkthame)

Hi Jonathan, thanks for your reply. It's a TTF font, and it does work properly any time I switch off resistFingerprinting in v80, as it did with previous versions of Firefox regardless, so there is not any issue with it, in case your thoughts were towards that :)

Any other hint will be greatly welcome.

Hmm, do you have the same font installed in Windows as well? I'm guessing this may in effect hide any copy installed as a "bundled" font in the Firefox install /fonts/ directory, because the system-installed copy is seen first and is marked as unavailable when restricted-visibility or RFP is in effect.

To confirm if this is what's happening, try uninstalling it from Windows and only having it in the Firefox fonts directory. Then restart Firefox and see if it becomes available.

If that's the case, I'd consider it a bug that we ought to fix. The natural expectation would be that a bundled font should remain available regardless of whether a copy was installed in the OS, but from a look at the code I suspect this might be the problem you're having.

That is it! As soon as I uninstalled it from Windows, Firefox is now able to recognize/see it.

^^ Same as Diego - confirmed. I took NotoSansBuginese-Regular.ttf from Tor Browser (it is not in my system fonts) and it's available with RFP in Dev81. Closed FF, installed it to my system, restarted FF and it's not available.

OK, now we understand what's happening. Could you file this as a new bug, please? It gets really confusing if we start adding new fixes to a closed issue. Thanks!

Sure, and thanks to you :)

Regressions: 1661532

(In reply to Simon Mainey from comment #5)

(In reply to Diego Casorran [:diegocr] from comment #4)

How about another pref to control this behavior?

You have two choices

  • Font visibility auto-allows "bundled" fonts (such as Twemoji). Add fonts to your install-path\fonts (e.g. in Windows it would typically be C:\Program Files\Mozilla Firefox\fonts)
  • In FF81+ the hidden pref font.system.whitelist overrides font visibility, so set that with the comma-delimited values of kBaseFonts [1] and add anything else you want.

[1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc

Could you please explain in detail this FF81+ and how to do whitelist. Thanks.

Flags: needinfo?(gsbnlda)

(In reply to gsbnlda from comment #18)

Could you please explain in detail this FF81+ and how to do whitelist. Thanks.

You requested needinfo from yourself

What are you trying to do? If you are resisting fingerprinting (with privacy.resistFingerprinting = true), or by using the font vis pref, then allowing additional fonts will undermine its protection.

If you really need a specific font, then the two options I outlined above don't get any clearer. Either add the font to Firefox's font directory, or use the hidden pref font.system.whitelist : hidden means you need to create it. The whitelist pref would require maintenance (e.g. if a default font changes, or the font boffins tweak the base fonts list for entropy, and it's not guaranteed to work the same in the long run: such as how it handles font families and styles), so your simplest solution is to just copy the font you want to the font directory

The directory differs per platform, something like this:

 * Windows: "...\Program Files\Mozilla Firefox\fonts\" (or "Program Files (X86)\etc" for 32bit)
 * Mac: "...\Applications\Firefox\Contents\Resources\fonts\"
       [NOTE] On Mac you can right-click on the application and select "Show Package Contents"
 * Linux: "/usr/lib/firefox/fonts" (or similar)
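
A defensive check of the settings discussed in this thread, added here as an example (it is not Firefox code and not from any commenter): it parses prefs.js-style text and reports the effective font visibility under RFP, a font.system.whitelist override, and bundled fonts shadowed by OS-installed copies. The function names, the sample prefs and the font lists are constructed for illustration.

```python
import re

# One user_pref("name", value); entry, as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# Constructed sample profile prefs (not taken from any real profile).
SAMPLE = '''
user_pref("privacy.resistFingerprinting", true);
user_pref("layout.css.font-visibility.level", 3);
user_pref("font.name.serif.x-western", "diegocr");
user_pref("font.system.whitelist", "Example Base Font, Example Extra Font");
'''

def parse_prefs(text):
    """Decode user_pref lines into {name: bool | int | str}."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_fonts(prefs, bundled, system_installed):
    """Report font exposure using the rules stated in the thread."""
    rfp = prefs.get("privacy.resistFingerprinting", False)
    level = prefs.get("layout.css.font-visibility.level")  # None = browser default
    findings = []
    if rfp and level not in (None, 1):
        findings.append(f"font-visibility.level={level} is ignored: RFP assumes 1")
    allow = [f.strip() for f in prefs.get("font.system.whitelist", "").split(",")]
    allow = [f for f in allow if f]
    if allow:
        findings.append("font.system.whitelist overrides font visibility (FF81+)")
    # Reported behaviour: an OS-installed copy is seen first and marked
    # unavailable, hiding the bundled copy of the same family.
    installed = {f.casefold() for f in system_installed}
    shadowed = sorted(f for f in bundled if f.casefold() in installed)
    if shadowed:
        findings.append("bundled fonts hidden by OS copies: " + ", ".join(shadowed))
    return {"effective_level": 1 if rfp else level, "whitelist": allow,
            "shadowed": shadowed, "findings": findings}

if __name__ == "__main__":
    report = audit_fonts(parse_prefs(SAMPLE), ["Twemoji Mozilla", "diegocr"],
                         ["diegocr", "Example System Font"])
    print(report)
```

A non-empty whitelist or any entry in `findings` is worth reviewing on a profile that relies on RFP, since each allowed extra font adds to what a page can observe.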