Closed Bug 1670199 Opened 4 years ago Closed 1 year ago

RFP + font visibility = 1: entropy improvements

Categories

(Core :: Layout: Text and Fonts, enhancement)

Product:
Core
Component:
Layout: Text and Fonts
Version:
Firefox 83
Type:
enhancement

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: thorin, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

When layout.css.font-visibility.level = 1 (or when RFP is enabled) the kBaseLang lists still create some entropy (at least on Windows)

small scale data results

a tiny data set but enough to identify causes

There are two very distinct sets (win7/wIn10) but minor entropy within those

  • the FF windows list is based on MS windows 10 documentation, and I don't know if it's worthwhile or feasible to try and make 7+10 the same (but may indeed be possible). Keeping in mind that win7 support will be dropped at some stage
  • Win7 (65-68) vs Win10 (101-102): the difference at first glance (exlcuding optional styles), is just fonts new to Win10 which if dropped shouldn't cause breakage/tofu: they're just new fonts like Corbel as far as I can tell

external factors

The small scale testing has shown that some external factors effect fonts

  • some fonts come with optional MS patches
  • some fonts come from optional MS products (and maybe products that license them)
  • some fonts seems to be edition specific: e.g. Pro N, Home, Enterprise) (see HoloLens)
  • Also, but out of scope: users can manually remove fonts

IANA-font-expert: but they seem to be additional styles added to families: I do not know if Calibri Light is a family: it seems to be added to the single Calibri entry in the windows font directory

Here are some known examples (there may be more)

  • Arial Narrow (does not come with windows, but comes with at least MS Office)
  • Calibri Light + Calibri Light Italic (optional win7 MS update) [1]
  • HoloLens MDL2 Assets [2, from 2015, but seems some editions don't have it]

[1] https://support.microsoft.com/en-my/help/2761217/an-update-is-available-to-add-the-calibri-light-and-calibri-light-ital
[2] https://docs.microsoft.com/en-us/typography/font-list/hololens-mdl2-assets

possible solutions / ideas

First, I think an analysis the larger set of font data collected by telemetry would give us a better picture and triage the severity

  • we could move some optional entries out of kBaseFonts: such as Calibri Light and HoloLens MDL2 Assets
  • we could reducing the surface and do the same for fonts that are not "absolutely" needed: e.g. Corbel, Consolas, Impact, all the Bahnschrift*, all the Sitka*, etc - this could maybe even allow parity with Win7 (but not as the reason why: users can still remove fonts from windows: so more of a defense in depth)
  • we could change to allowing a per style approach (e.g Arial Narrow). I have no idea how easy or complex that is and how it affects Mac/Linux
  • not sure how you would want to frame that: add a new section, or move them into kBaseLangFonts (which would mess with the naming convention)

notes

From line 7 of the windows file [3]

TODO: check whether we need to list legacy styled family names like "... Light".

I'm not sure if that means to check if Calibri already covers Calibri Light, or if it was a reminder to look at how to handle styles within a family for more granular control

[3] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc

Component: Untriaged → Layout: Text and Fonts
Product: Firefox → Core

they're just new fonts like Corbel as far as I can tell

ugh.. sorry, Corbel is in common. I mean something like Bahnschrift

Note: we can already determine from feature detection that the OS is windows
Free Extra Entropy: Bug 1686274 : enables a simple reliable test (twemoji) for Windows 7 vs Windows 8/10
Solution: ignore gfx.bundled-fonts.activate and return it as 1 when RFP = true

(In reply to Simon Mainey from comment #2)

Note: we can already determine from feature detection that the OS is windows
Free Extra Entropy: Bug 1686274 : enables a simple reliable test (twemoji) for Windows 7 vs Windows 8/10
Solution: ignore gfx.bundled-fonts.activate and return it as 1 when RFP = true

Good point, that may be worth doing. Care to file a bug for that?

(Though TBH I'd expect it to be pretty easy to distinguish Win7 vs Win10 in other ways already. So I'm not sure how much value there is in this.)

(Though TBH I'd expect it to be pretty easy to distinguish Win7 vs Win10 in other ways already. So I'm not sure how much value there is in this.)

It's actually pretty hard (I've tried, but not specifically really dug deep). About the only thing that helps fingerprint Windows versions IMO is fonts, but it's not as clean and reliable as gifting twemoji

Bug 1687691: needs a tor-uplift tag

(In reply to Simon Mainey from comment #4)

(Though TBH I'd expect it to be pretty easy to distinguish Win7 vs Win10 in other ways already. So I'm not sure how much value there is in this.)

It's actually pretty hard (I've tried, but not specifically really dug deep). About the only thing that helps fingerprint Windows versions IMO is fonts, but it's not as clean and reliable as gifting twemoji

Fair enough; I'm fine with linking this to RFP, to at least make things harder.

given win7 and win8* are now EOL (except for ESR115 and I don't see this as being addressed in the next year), the differences are greatly lessened. That said there are still differences with font variants, but with windows being 84% of FF users my gut suspicion is that there are numerous users (200mn+ FF users) in the "few" buckets at font vis 1 (for RFP)

for example, all those in 8 and 8.1 (and 7, not shown) are in 10, so no longer an issue in font enumeration

// 8
'Calibri Light', // = optional on win7
'Calibri Light Italic','Gadugi','Nirmala UI','Microsoft JhengHei UI','Microsoft YaHei UI','Myanmar Text','Segoe UI Semilight',
// 8.1
'Javanese Text','Leelawadee UI','Leelawadee UI Semilight','Microsoft JhengHei Light','Microsoft JhengHei UI Light',
'Microsoft YaHei Light','Microsoft YaHei UI Light','Nirmala UI Semilight','Segoe UI Black','Segoe UI Emoji',
'Sitka Banner','Sitka Display','Sitka Heading','Sitka Small','Sitka Subheading','Sitka Text','Yu Gothic','Yu Gothic Light',
// 10
'Bahnschrift','Candara Light','Corbel Light','HoloLens MDL2 Assets','Malgun Gothic Semilight','Segoe MDL2 Assets',
'Segoe UI Historic','Yu Gothic Medium','Yu Gothic UI','Yu Gothic UI Light','Yu Gothic UI Semilight','Yu Gothic UI Semibold'

FPP using font vis 2 is out of scope. TB windows on the other hand is even tighter than font vis 1, with most fonts being bundled

+1 for closing as WONTFIX, unless anyone ever wants to explore limiting fonts by font name, not family. At this point RFP is fine, and TB do their own thing with the font whitelist

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.