Open Bug 1880901 Opened 2 years ago Updated 1 year ago

[LINUX] Google Noto fonts used instead of Microsoft TTF fonts when privacy.fingerprintingProtection=true

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 123
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox123 --- wontfix
firefox124 --- wontfix
firefox125 --- wontfix

People

(Reporter: aros, Unassigned)

References

(Blocks 2 open bugs, Regression)

Details

(Keywords: regression)

Attachments

(5 files)

Slashdot in Firefox 122
122.34 KB, image/png
Details
Slashdot in Firefox 123
140.19 KB, image/png
Details
characters not rendered.png
31.15 KB, image/png
Details
bisection.png
72.41 KB, image/png
Details
bisect.log
14.61 KB, text/x-log
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0

Steps to reproduce:

I really don't appreciate how Firefox 123 under Linux now defaults to Google Noto fonts even when I have Microsoft fonts installed.

That's a regression and I'm not a fan of it.

Actual results:

Visit slashdot.org - some Google Noto font is used for the text.

Expected results:

font-family: Arial, sans-serif must be used because I have the Arial font installed.

Firefox 122 used proper fonts.

OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Summary: [LINUX] Firefox ignores system wide Microsoft core TTF fonts and uses Google Noto fonts instead → [LINUX] Firefox ignores system wide Microsoft TTF fonts and uses Google Noto fonts instead
Attached image Slashdot in Firefox 122
Attached image Slashdot in Firefox 123

This applies to multiple other websites as well.

Component: Untriaged → Layout: Text and Fonts
Product: Firefox → Core

I've completely deleted Google Noto fonts from my system which broke other applications which actually used them but whatever.

That's not in the release notes either.

We did restrict the list of exposed fonts, but already Firefox 119.

The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.

https://www.mozilla.org/en-US/firefox/119.0/releasenotes/

I am not sure what changed in 123. The default font lists on Linux don't include Mircrosoft fonts: https://searchfox.org/mozilla-central/source/gfx/thebes/StandardFonts-linux.inc

I've not changed anything in my system for quite some time. Also, as you can see Firefox 122 doesn't have this issue.

So, something in 123 has changed which results in this bug.

(In reply to Artem S. Tashkinov from comment #6)

I've not changed anything in my system for quite some time. Also, as you can see Firefox 122 doesn't have this issue.

So, something in 123 has changed which results in this bug.

Since it's a recent regression, can you try using mozregression to identify the patch which changed this behavior?

  1. Is this in Private Browsing Mode or Regular?
  2. What do you have Enhanced Tracking Protection set to in about:preferences#privacy?
  3. If you change it to Custom and uncheck Suspected Fingerprinters does the behavior revert to what you previously had?

Bug 1851816 is the only thing I could think of that landed in 123..

  1. What are the values of privacy.resistFingerprinting, privacy.resistFingerprinting.pbmode, privacy.fingerprintingProtection, and privacy.fingerprintingProtection.pbmode in about:config? (Check this before you try #3...)
Flags: needinfo?(aros)
  1. Regular.
  2. Strict mode.
  3. This fixes the issue.
  4. privacy.fingerprintingProtection.pbmode is set to false, everything else is by default.
Flags: needinfo?(aros)

BTW, disabling "Suspected Fingerprinters" automatically sets privacy.fingerprintingProtection.pbmode to false.

privacy.fingerprintingProtection.pbmode is set to false, everything else is by default.

This got disabled after you told me to uncheck "Suspected Fingerprinters", otherwise it was set to true (default).

Okay, so Strict mode will apply the settings in Normal and PBM, and disabling it causes the behavior to go away, so that explains why it's happening - but it doesn't explain why it started happening in 123 and not 122.

Bug 1863574 is possibly relevant here, it would come into play with FPP is enabled via Strict mode, and perhaps you've unchecked "Allow pages to choose their own fonts" (since you care about fonts.) But that patch landed in 122, so it doesn't explain why there'd be a difference between 122 and 123.

I think mozregression might be the best tool at our disposal to figure out what it is the root cause here.

There's even more breakage than I initially thought, certain fonts fail to load/render at all.

https://www.opennet.ru/opennews/art.shtml?num=60643

Scroll to the comments section.

And again deleting Google Noto fonts fixes this.

2024-02-23T15:19:50.693000: DEBUG : Found commit message:
Bug 1866965 - Add list of standard fonts for Fedora 38. r=emilio

Fedora 38 is still supported since Fedora supports the previous release
in addition to the current one. I added a font list for Fedora 38 and
code to detect the version.

Depends on D197229

Differential Revision: https://phabricator.services.mozilla.com/D197230

2024-02-23T15:19:50.693000: DEBUG : Did not find a branch, checking all integration branches
2024-02-23T15:19:50.695000: INFO : The bisection is done.
2024-02-23T15:19:50.697000: INFO : Stopped
Attached image bisection.png

I don't understand where to get the bisection log, so I'm attaching the visual output of the bisection tool.

Attached file bisect.log

grepped INFO, must be enough.

Keywords: regression
Regressed by: 1866965

Ah that makes sense (assuming your are on Fedora), before bug 1866965 we didn't have a list of default fonts for your Fedora version, so we didn't actually restrict the exposed fonts.

:alex, since you are the author of the regressor, bug 1866965, could you take a look?

For more information, please visit BugBot documentation.

Flags: needinfo?(alex)

I don't have a single "standard"/"default" Fedora font installed and it looks like Firefox for Linux does (restrict) a lot more more than it should.

There's no such thing as "standard" fonts on Linux distros. It's not Windows where you know for a fact there's a certain font set. AFAIK starting from Windows Vista you cannot even delete default fonts.

There is code that disables the font restriction if less than three standard fonts are available. It looks like that was happening before I updated the font lists, and after I updated them the Google Noto fonts are available so the restriction is no longer disabled. I guess you should just disable the font fingerprinting protection since you want to use custom fonts.

Flags: needinfo?(alex)

you should just disable the font fingerprinting protection since you want to use custom fonts.

  1. There's no such thing as "standard" fonts for Linux distros. Fedora 38 may have a different font set than Fedora 40 and indeed a set of fonts this and other distros provide have changed many times.
  2. There's a bug and this reply doesn't address it properly. The user must not be meddling with about:config settings to get an unbroken product.
  3. I don't even use Firefox built by Fedora, I use your official binary tar.bz2 build. I wonder how does Firefox even detect it's using Fedora. I may be running any Linux distro. about:support does not have a single instance of Fedora in it.

It's alarming that Firefox:

3.1 Detects my distro behind my back, secretly
3.2 Radically changes its behavior (!) in ways that are not conveyed to the user in any shape or form.
3.3 Restricts fonts that could be used despite the available fonts on the system,
3.3.1 Not providing all the charsets required to render pages
3.3.2 Breaking what websites specify

Imagine you receive a Word document in Windows and your Microsoft Word decides not to use the specified fonts and instead uses whatever it feels is appropriate and in the process breaks formatting and the author's intent. How would you feel about that?

Flags: needinfo?(alex)

I'm not a Firefox developer and I didn't implement this feature. All I did was update the font lists that Firefox was using to fix an issue that I was encountering. I'm not the right person to argue with if you don't like this feature.

  1. There's no such thing as "standard" fonts for Linux distros. Fedora 38 may have a different font set than Fedora 40 and indeed a set of fonts this and other distros provide have changed many times.

There's a different list for each version.

  1. I wonder how does Firefox even detect it's using Fedora.

It reads /etc/os-release.

Flags: needinfo?(alex)
Component: Layout: Text and Fonts → Privacy: Anti-Tracking
Summary: [LINUX] Firefox ignores system wide Microsoft TTF fonts and uses Google Noto fonts instead → [LINUX] Google Noto fonts used instead of Microsoft TTF fonts when privacy.fingerprintingProtection=true
Blocks: tp-breakage
Blocks: fingerprinting-breakage
No longer blocks: tp-breakage
Severity: -- → S3
Priority: -- → P3

The bug has a release status flag that shows some version of Firefox is affected, thus it will be considered confirmed.

Status: UNCONFIRMED → NEW
Ever confirmed: true

Set release status flags based on info from the regressing bug 1866965

status-firefox125: --- → affected
status-firefox-esr115: --- → unaffected

I'm not sure about the resolution here. We don't have TTF fonts in kBaseFonts_Fedora_38 array, and naturally Firefox blocks it to reduce fingerprinting. How should we fix this issue?

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: