Closed Bug 1881993 Opened 2 years ago Closed 2 years ago

Create an Android lang-pack font list and allowlist fonts like One UI Sans KR VF

Categories

(Firefox for Android :: General, defect)

Product:
Firefox for Android
Component:
General
Version:
Firefox 124
Platform:
All
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
128 Branch
Tracking Flags:
Tracking Status
firefox124 --- wontfix
firefox125 --- wontfix
firefox128 --- fixed

People

(Reporter: gfmshj6ww, Assigned: fkilic)

References

(Blocks 1 open bug)

Details

(Whiteboard: [qa-triaged][fpp:m?])

Attachments

(4 files)

screenshot android firefox korean.7z
1.53 MB, application/x-7z-compressed
Details
Bug 1881993 - Allow use of important fonts through FontVisibilityLangPack. r?tjr
48 bytes, text/x-phabricator-request
Details | Review
RFP_240515.jpg
614.51 KB, image/jpeg
Details
Default_240515.jpg
576.95 KB, image/jpeg
Details

Steps to reproduce:

  1. Access the about:about page.
  2. Access a Korean webpage.

Actual results:

  1. When accessing the about:about page, the font is enlarged, and the screen is fixed, making it impossible to move to the bottom of the screen.

  2. https://bugzilla.mozilla.org/show_bug.cgi?id=1865238
    The symptom is identical to that of the link mentioned above. The font of web content changes weirdly, reducing readability.

Test device: Galaxy S series Android 14 OneUI 6.0

Thanks to the patch you provided last time, the fonts were displaying correctly up until version 123. However, the issue has resurfaced starting from the 124 beta version and the 125 nightly version. A peculiar thing to note is that when entering the about:about page, the screen is zoomed in and it does not scroll to the bottom of the screen.

See Also: → 1865238

Thank you for your report! I was able to reproduce this issue on: Firefox 124.0b3 and Firefox Nightly 125.0a1- 26.02.2024 with Samsung Galaxy S23 Ultra (Android 14)

Severity: -- → S3
Status: UNCONFIRMED → NEW
status-firefox124: --- → affected
status-firefox125: --- → affected
Ever confirmed: true
Whiteboard: [qa-triaged]

:sachanaz do you think something changed that could have caused this coming back in 124?

Flags: needinfo?(krosylight)

I did not change anything at least, m_kato or jfkthame may know better. The pref hasn't changed after bug 1865238, so might be something in the font system.

BTW, I cannot reproduce either 1 nor 2 from my S22 Ultra with Feb 2024 update either with stable/beta/nightly, I also tried to change the browser language from en-US to Korean too but it didn't matter. Might be S23+ specific.

Flags: needinfo?(m_kato)
Flags: needinfo?(krosylight)
Flags: needinfo?(jfkthame)

Thank you all for your responses. The model I am using is the S21. Currently, the issue is occurring in both the beta and nightly versions. Also, in the beta and nightly versions, it is impossible to zoom in or out with fingers on the about:about page.

Hmm, the font seems to be from San Serif to Serif. I don't modify prefs etc but the latest version of Fenix/GeckoView will change TargetSDK to Android 14.

Flags: needinfo?(m_kato)

I guess that /system/etc/fonts*.xml doesn't have enough font information?

But that shouldnt' depend on Firefox version?

I wonder if this is related to bug 1826412. The font lists landed there don't mention the One UI Sans font that Samsung devices want to use, so if visibility restrictions are in effect it'll be blocked and they'll have to fall back to something else. Tom, is that probably what's happening here? How should we resolve it?

Flags: needinfo?(jfkthame) → needinfo?(tom)

So in Bug 1878407 we enabled FPP in PBM mode, but font visibility is not enabled there yet. If Resist Fingerprinting is enabled, that would turn on Font Visibility restrictions though. As would editing the font visibility prefs of course.

gfmshj6ww - have you edited any prefs via about:config - specifically privacy.resistFingerprinting or layout.css.font-visibility? If you have installed any addons they might have flipped the first pref, so could you confirm it is set to false?

Flags: needinfo?(tom) → needinfo?(gfmshj6ww)

(In reply to Tom Ritter [:tjr] from comment #10)

Hmm... I was using the stable version without any issues when RFP was enabled, just like before. Since I usually use RFP, I didn't think it could be the cause. Has there been any change related to Korean fonts in RFP? When I disabled RFP in the nightly version and accessed the webpage again, the fonts displayed correctly.
However, I really want to use RFP. Is there any way to use the original fonts while using RFP as before? When RFP is enabled in the nightly version, the Korean font changes to one that is very hard to read.
Also, the issue with being unable to zoom in or out on the about page still occurs even when RFP is disabled.

Flags: needinfo?(gfmshj6ww)

https://hg.mozilla.org/integration/autoland/rev/3e69e06c6fcc
The link above doesn't seem to include any Korean fonts; could this be related to the issue?

https://bugzilla.mozilla.org/show_bug.cgi?id=1865238 (23.11.16)
https://bugzilla.mozilla.org/show_bug.cgi?id=1674683 (20.10.24)

Also, there have been several instances where the fonts in Firefox change every time Samsung Galaxy undergoes an OS upgrade. In Korea, virtually no other Android users exist besides those using Samsung Galaxy, essentially leaving no choice but to opt for Galaxy. However, compatibility between Galaxy and Firefox seems to be quite poor. While I'm satisfied with the Windows sans-serif Korean default font 'Malgun Gothic,' the readability of the Android sans-serif Korean default font is frankly not good.

pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, One UI Sans KR VF, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback");

I understand that the font 'One UI Sans KR VF' was added about three months ago. I'm curious if 'One UI Sans KR VF' is indeed the default Korean font name for Samsung Galaxy. I tried googling for information about this font but couldn't find anything. I feel that the Korean font in Firefox appears slightly different, which makes me curious since I'm using the default font setting on my smartphone. Can't Firefox just follow the default Android font setting like other apps?

Anyway, as I am not an expert, I might not understand the technical aspects well, but what I hope for Firefox is that for Android Korean users, Firefox could accurately recognize the default Android fonts so that even when Samsung Galaxy is upgraded in the future, the fonts won't change to a different, strange font. Honestly, I can't even guess how many Korean users have stopped using Firefox because of this font issue... I suspect the number is quite significant. If you go to the Play Store reviews, you can see comments filled with complaints from Korean users about the fonts. Recently, there have also been a lot of posts in various Korean communities expressing dissatisfaction with the Firefox fonts.

As a user who personally loves Firefox, I am concerned and thus leaving this comment. Thank you.

I understand that the font 'One UI Sans KR VF' was added about three months ago. I'm curious if 'One UI Sans KR VF' is indeed the default Korean font name for Samsung Galaxy. I tried googling for information about this font but couldn't find anything. I feel that the Korean font in Firefox appears slightly different, which makes me curious since I'm using the default font setting on my smartphone.

AFAICT it is the name, and I can't see font differences between other apps and Firefox. Perhaps some renderer difference? Some comparison with screenshots would be helpful.

Can't Firefox just follow the default Android font setting like other apps?

We got the same conclusion last time, do we have a tracking bug for this, Jonathan?

Flags: needinfo?(jfkthame)
Flags: needinfo?(gfmshj6ww)

(In reply to Kagami [:saschanaz] (they/them) from comment #13)

Can't Firefox just follow the default Android font setting like other apps?

We got the same conclusion last time, do we have a tracking bug for this, Jonathan?

This would be covered by bug 1867633, I think.

Flags: needinfo?(jfkthame)
See Also: → 1867633

... which is of course filed by me 😅, thanks!

(In reply to gfmshj6ww from comment #11)

(In reply to Tom Ritter [:tjr] from comment #10)

Hmm... I was using the stable version without any issues when RFP was enabled, just like before. Since I usually use RFP, I didn't think it could be the cause. Has there been any change related to Korean fonts in RFP? When I disabled RFP in the nightly version and accessed the webpage again, the fonts displayed correctly.

Okay, that solves the mystery of why this started happening. Once we added the font list in the commit you linked - RFP started enforcing those visibility restrictions.

However, I really want to use RFP. Is there any way to use the original fonts while using RFP as before? When RFP is enabled in the nightly version, the Korean font changes to one that is very hard to read.

If you really want to use the full RFP feature (knowing its unsupported and breaks things) you can. If you set the prefs in this configuration, you will get RFP behavior without the font visibility restrictions:

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem,-FontVisibilityLangPack,-FontVisibilityRestrictGenerics

That will fix your issue and bring you back to how you were.

But it doesn't address the fact of Firefox not being good for Korean users. There's two aspects to this:

  1. Using a good, desirable font by default which isn't my area of specialty, but seems to be covered by bug 1867633 and is Kagami and Jonathan
  2. Font Visibility Restrictions, which prevent using the desired font because we don't allow it. We don't allow it because we don't want to enable users to be fingerprinted by trackers, and while currently only RFP is enforcing this on Android, we want to start FPP enforcing it, which would enable these restrictions in PBM and ETP Strict.

What I can tell you as far as the wild:

  • Noto Sans KR Regular is on 99% of Android v6 phones and virtually nothing else.
  • SEC Regular_SamsungKoreanR are on 32% and 42% of Android 12/13 phones respectively, and virtually nothing else
  • New SEC Korean Regular, and Noto Sans CJK KR are on so few phones they're really on nothing. (example: we have 5 submissions with it)
  • SamsungKorean-Regular is on Android 5/6 (32-42% of all phones), SamsungKorean_v2.0 is on Android 7-11 (~22% of all phones), Samsung Korean_v3.0 is on Android 12-13 (32-42% of all phones) but not Android 14
  • One UI Sans KR VF Regular is on Android 14 (50% of all phones) which I guess is what happened to Samsung Korean_v3.0

All that is for all locales. Which explains why none of those fonts made our visibility list - they're all too small of percentages to be considered universal.

If I limit it to just Korean locales (all phones, not just Samsungs):

  • SEC Regular_SamsungKoreanR has 77% Android 12, 91% Android 13, and 0% Android 14
  • Samsung Korean_v3.0 has 77% Android 12, 91% Android 13, and 0% Android 14
  • One UI Sans KR VF Regular has 0% Android 12-13 and 96% Android 14

This is... unfortunate. I think a short-term solution is to create a langpack-esque list of fonts that we allow in FPP, but not in RFP. It would include those 'very-important' fonts like One UI Sans KR VF so that FPP doesn't look horrible even though they leak some entropy.

We've talked about a system where we detect locale and use that to unlock a subset of langpack fonts, which would be useful for Windows also, but that's a solution for another day if we find it's important.

I will note that even with this solution, and even if we implement Bug 1867633 - it doesn't solve the fact that we have a hardcoded list of fonts and we're struggling to keep up with what manufacturers are doing. Bug 1867633 fixes that problem when font visibility isn't restricted; but we would still have it.

Blocks: 1827475
Summary: Korean fonts appear weirdly on Android starting from version 124. → Create an Android lang-pack font list and allowlist fonts like One UI Sans KR VF
Whiteboard: [qa-triaged] → [qa-triaged][fpp:m?]

(In reply to Tom Ritter [:tjr] from comment #16)

(In reply to gfmshj6ww from comment #11)

(In reply to Tom Ritter [:tjr] from comment #10)

If this issue stems from the different default fonts used across operating systems, could we consider adding three fonts—SamsungKorean_v2.0, Samsung Korean_v3.0, and One UI Sans KR VF Regular—to the StandardFonts-android.inc list? With the font visibility restriction activated from version 124, font readability for Koreans severely deteriorates, rendering it nearly impossible to use. Adjusting the privacy.fingerprintingProtection.overrides setting appears to be the only short-term solution for users. https://github.com/arkenfox/user.js/blob/33a84b608c8a1f871c6ce9c4d2b932dc57078fae/user.js#L708 Regarding this, it is noted on a this page that 'not all RFP protections are necessarily in RFPTargets.' If the settings are adjusted as follows, would it enable the enjoyment of all RFP protections, except for the font visibility limit?

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem,-FontVisibilityLangPack,-FontVisibilityRestrictGenerics

I am also curious if any other RFP protections are omitted apart from the font visibility restriction. Furthermore, if this bug remains unresolved, it implies that Koreans will not be able to completely benefit from RFP and FPP. I am particularly keen to fully leverage RFP on Android, and this bug has been quite distressing. Given the limited number of Korean Firefox users, and even fewer who activate RFP, I am concerned this issue may be significantly deprioritized. Thank you for reading.

Flags: needinfo?(gfmshj6ww)

see Bug 1865238 re One UI Sans KR VF - this was even added to Tor Browser

Assignee: nobody → fkilic
Status: NEW → ASSIGNED
Attachment #9400330 - Attachment description: Bug 1881993 - Allow use of important KR fonts with langpack. r?tjr → Bug 1881993 - Allow use of important fonts through FontVisibilityLangPack. r?tjr

Hello,

I'm unable to reproduce the issue on my end, so I'm looking for someone to try the patch so that we can go verify the patch indeed works. To try this patch, you can try installing the correct build from try (find the version compatible with your phone on the right of the page > Click on green "B" > Switch to Artifacts and Debugging Tools > Download geckoview_example.apk file, and install it), or since the issue mainly relates to Samsung phone, here's a link to the ARM build. After installing it, follow these steps,

  1. Go to about:config
  2. Set these accordingly
  • privacy.resistFingerprinting = false
  • privacy.fingerprintingProtection = true
  • privacy.fingerprintingProtection.overrides = -AllTargets,+FontVisibilityLangPack
  1. Open a Korean website and verify the One UI Sans KR VF font is shown.

gfmshj6ww or Kagami - do you think you'd be able to validate this for us? Fatih and I aren't able to because we don't have the right hardware and also because we have very little confidence in our ability to distinguish the font used in Korean =P

Flags: needinfo?(krosylight)
Flags: needinfo?(gfmshj6ww)

Fatih Kilic or Tom Ritter [:tjr] - Hello, thank you for the quick patch. However, after downloading and installing the ARM build apk you linked, and adjusting the settings you mentioned, I went to the Korean website (ex: daum.net) and checked if the fonts are displayed normally. Some parts of the webpage look good and some parts don't. For example, the title of the post looks good, but the content of the post looks strange.

Also, in the meantime, since version 124
privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem,-FontVisibilityLangPack,-FontVisibilityRestrictGenerics
With this setting, the fonts were displayed normally, but with the APK I installed this time, even with this setting, some are displayed well and some are displayed strangely, just like the above symptoms.

Also, in the past, fonts came out fine when I activated FPP(FingerPrintingProtection) alone, but in the apk I installed this time, some came out fine and some came out weird, just like the above symptoms. The device tested is a Galaxy S21. Thank you again for the quick patch for this issue.

Flags: needinfo?(gfmshj6ww)

(In reply to Fatih Kilic from comment #20)

After installing it, follow these steps,

  1. Go to about:config
  2. Set these accordingly
  • privacy.resistFingerprinting = false
  • privacy.fingerprintingProtection = true
  • privacy.fingerprintingProtection.overrides = -AllTargets,+FontVisibilityLangPack
  1. Open a Korean website and verify the One UI Sans KR VF font is shown.

I installed geckoview_example.apk from https://treeherder.mozilla.org/jobs?repo=try&revision=521012d3668070b3c8128867f3454da20a6b84e6&selectedTaskRun=Uy04PbVyQLGoHePyA9KKrA.2 (because ARM64 shippable build should be closer to what I actually get from Play Store rather than build-android-arm-lite/opt 😛)

The font is shown in https://codepen.io/SaschaNaz/pen/ExrdYXJ, but it works even on the current Nightly without the patches. For the extra step I force-stopped the browser app before trying.

(In reply to gfmshj6ww from comment #22)

I went to the Korean website (ex: daum.net) and checked if the fonts are displayed normally. Some parts of the webpage look good and some parts don't. For example, the title of the post looks good, but the content of the post looks strange.

Can you attach screenshots that show such behavior? I could not confirm that in daum.net.

Flags: needinfo?(krosylight) → needinfo?(gfmshj6ww)
Attached image RFP_240515.jpg
Flags: needinfo?(gfmshj6ww)
Attached image Default_240515.jpg

https://treeherder.mozilla.org/jobs?repo=try&revision=521012d3668070b3c8128867f3454da20a6b84e6&selectedTaskRun=Uy04PbVyQLGoHePyA9KKrA.2

I downloaded it from the link above and tested it. The symptoms are the same in the Nightly 127.0a1 version. I've uploaded a screenshot.

Are you sure you set resistFingerprinting to false? With true it always fails to show the right font. And can you force stop after setting profs (from the Android app info screen) GeckoView and retry it?

Flags: needinfo?(gfmshj6ww)

Yes, I modified the setting in about:config and restarted the app to check it after changing the setting. The RFP_240515.jpg file is with RFP enabled to true, and the Default_240515.jpg file is with RFP turned off to false.

Flags: needinfo?(gfmshj6ww)

But the instruction was to turn off RFP and use fingerprintingPretection, so you mean it's working with the given instruction?

Regardless of whether you set privacy.fingerprintingProtection to true or false, the fonts will display just fine. Only when privacy.resistFingerprinting is set to true is the font visibility restriction applied, resulting in a strange font. It's a very unreadable font that hurts my eyes after just a minute of looking at the screen.

That's exactly my observation, thank you. Fatih, does the answer help?

Flags: needinfo?(fkilic)

Yes, thank you! I also tried with the provided codepen, and can confirm the font can be shown or hidden by setting FontVisibilityLangPack (it requires a force stop though). Thank you!

Flags: needinfo?(fkilic)
Pushed by tritter@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5dfd22e748f2 Allow use of important fonts through FontVisibilityLangPack. r=tjr

But it means the patch doesn't fix anything? The behavior does not change before and after the patch.

So it depends on what preference you have set:

  • privacy.RFP - you're correct, nothing will change. RFP (for Tor Browser) takes a very strict stance about what is an is not allowed.
  • privacy.fingerprintingProtection - On Android, presently, FPP is not enabling any Font Restrictions by default, so if you only have this pref enabled, you shouldn't be having any problems.
  • privacy.fingerprintingProtection plus privacy.fingerprintingProtection.overrides = +FontVisibilityLangPack - This will enabling some font restrictions that frustrate font-based fingerprinting, but it does allow through this one font. We hope to enable this behavior by default when FPP is enabled in the suture, but need to do user testing first.

Does that make sense or did I misunderstand things?

You mean, as mentioned in comment #20, you expect the behavior with:

  • privacy.resistFingerprinting = false
  • privacy.fingerprintingProtection = true
  • privacy.fingerprintingProtection.overrides = -AllTargets,+FontVisibilityLangPack

will change to allow this one font, right? But the current Nightly already allows this one font with the same prefs. That was what I was saying in comment #23.

https://hg.mozilla.org/mozilla-central/rev/5dfd22e748f2

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox128: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
Flags: needinfo?(tom)

(In reply to Natalia Csoregi [:nataliaCs] from comment #37)

https://hg.mozilla.org/mozilla-central/rev/5dfd22e748f2

Galaxy S21 Android Firefox Nightly 128.0a1 (2024-05-23) is still showing the wrong Korean font when RFP is enabled. I thought it was patched, but it seems not...

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics

With these settings, the fonts are displayed normally. However, I want the full RFP effect.

(In reply to gfmshj6ww from comment #38)

(In reply to Natalia Csoregi [:nataliaCs] from comment #37)

https://hg.mozilla.org/mozilla-central/rev/5dfd22e748f2

Galaxy S21 Android Firefox Nightly 128.0a1 (2024-05-23) is still showing the wrong Korean font when RFP is enabled. I thought it was patched, but it seems not...

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics

With these settings, the fonts are displayed normally. However, I want the full RFP effect.

I think the issue is the way the font protection level is set. When you enable AllTargets, the FontVisibilityBaseSystem RFPTarget becomes active too, and here we return the font level as BaseSystem, hence not allowing the fonts in LangPack list. If you want to use fonts in LangPack (which is only One UI Sans KR VF for Android), then you would have to set your overrides as +AllTargets,-FontVisibilityBaseSystem. What this would essentially do is, set the level to LangPack by skipping BaseSystem check.

The status of this issue has been changed to closed, so I just checked in Firefox Nightly 128.0a1(2024-05-31) and the fonts are still weird when I enable RFP. I really want to use RFP, but the fonts are preventing me from doing so.

(In reply to Fatih Kilic from comment #39)
I want to enjoy the full benefits of RFP with a single setting of privacy.resistFingerprinting=true, without overrides via privacy.fingerprintingProtection.overrides.

https://searchfox.org/mozilla-central/source/gfx/thebes/StandardFonts-android.inc

I see that the font “One UI Sans KR VF” is included in the list at the bottom of this page, but strangely enough, the font still looks weird on my phone. The symptoms are still the same. My test device is Galaxy S21. As a Korean, the current RFP font is so horrible that I can't even use it for 10 seconds... I would like to get the full effect of RFP through a standalone RFP switch, not an override through FPP. Please.

(In reply to gfmshj6ww from comment #42)

https://searchfox.org/mozilla-central/source/gfx/thebes/StandardFonts-android.inc

I see that the font “One UI Sans KR VF” is included in the list at the bottom of this page, but strangely enough, the font still looks weird on my phone. The symptoms are still the same. My test device is Galaxy S21. As a Korean, the current RFP font is so horrible that I can't even use it for 10 seconds...

So RFP is a mode designed for Tor (and really, they set the requirements for it.) It is intended to be extremely strict with no compromises, and since exposing that font distinguishes between Samsung and non-Samsung phones - it is not allowed through when RFP is enabled. I don't expect that to change. So if you have RFP enabled, it is expected that One UI Sans KR VF is not used.

I would like to get the full effect of RFP through a standalone RFP switch, not an override through FPP. Please.

What you are asking for is all the effects of RFP except you would like this one particular font through. I hate to say it - but the way to accomplish that with the FPP overrides.

  • privacy.resistFingerpritning = false (if it's still true, the below will have no effect)
  • privacy.fingerprintingProtection = true
  • privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem

This will enable all of the RFP protections (+AllTargets), and then disable the BaseSystem Font Visibility rule. You will still have the LAngPack Font Visbility Rule, which will allow through fonts in the langpack list. Which at the moment is that one singular Samsung font, although it might change in the future if we find another similar font that causes lots of user complaints.

I was trying to validate this last week that this configuration works, but it turns out this font is not available on the web, so I would need someone to extract the font and share it with me for us to test this locally and confirm there isn't a bug in the code.

(In reply to Tom Ritter [:tjr] (OOTO until mid-August) from comment #43)

Thank you for your detailed response. I'm not very technical, so I understand now.

https://github.com/arkenfox/user.js/blob/33a84b608c8a1f871c6ce9c4d2b932dc57078fae/user.js#L708

However, the reason why I preferred the single RFP setting to the FPP overrides setting is that if you look at this page, it says “Be aware that not all RFP protections are necessarily in RFPTargets”, so I wanted to use the single RFP setting because I was worried that even if I excluded only the font visibility restriction feature through the FPP overrides setting, I would miss other fingerprint protection features of the RFP. Is that sentence incorrect?...

Is it correct that Privacy.resistFingerprinting=true and Privacy.fingerprintingProtection.overrides=+AllTargets have the same effect as each other? I'm very curious about this point.

I've tried it on the latest Nightly (128.0a1) version and it works fine with the settings below.

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem

However, in version 126 stable (Mull browser), even if I set the above, font visibility restriction is still enabled, so I set the

I should have set privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics or privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem,-FontVisibilityLangPack.

Because in the stable version, setting privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem or privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityLangPack still enabled font visibility.

So I've been using privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics with this setting.

So, starting with Stable 128, should I use this setting: privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics instead of privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem?

Somehow the overrides pref we are talking about is changing as this thread goes on... per comment #20 I tested with -AllTargets,+FontVisibilityLangPack but per comment #43 it's +AllTargets,-FontVisibilityBaseSystem?

(In reply to Kagami Rosylight [:saschanaz] (they/them) from comment #46)

Somehow the overrides pref we are talking about is changing as this thread goes on... per comment #20 I tested with -AllTargets,+FontVisibilityLangPack but per comment #43 it's +AllTargets,-FontVisibilityBaseSystem?

Yeah hahaha, it is because of +/-AllTargets. (I'm omitting FontVisibility part for better readability) BaseSystem and LangPack are used as a level of protection. Having +AllTargets in overrides enables both BaseSystem and LangPack, and BaseSystem takes precedence over LangPack. So, if you have +AllTargets, you have to disable BaseSystem to set the protection level to LangPack, but if you have -AllTargets, then both BaseSystem and LangPack gets disabled. Then we put +LangPack to set the protection level to LangPack.

Both achieve the same thing for font protection, but -AllTargets,+FontVisibilityLangPack is more isolated/specific because it only enables a single protection while +AllTargets,-FontVisibilityBaseSystem enables all protections available but sets the fontvisibility level to langpack.

(In reply to Fatih Kilic from comment #39)

I think the issue is the way the font protection level is set. When you enable AllTargets, the FontVisibilityBaseSystem RFPTarget becomes active too, and here we return the font level as BaseSystem, hence not allowing the fonts in LangPack list. If you want to use fonts in LangPack (which is only One UI Sans KR VF for Android), then you would have to set your overrides as +AllTargets,-FontVisibilityBaseSystem. What this would essentially do is, set the level to LangPack by skipping BaseSystem check.

(In reply to gfmshj6ww from comment #44)

Thank you for your detailed response. I'm not very technical, so I understand now.

Don't sell yourself short you're doing pretty good in my eyes :)

https://github.com/arkenfox/user.js/blob/33a84b608c8a1f871c6ce9c4d2b932dc57078fae/user.js#L708

However, the reason why I preferred the single RFP setting to the FPP overrides setting is that if you look at this page, it says “Be aware that not all RFP protections are necessarily in RFPTargets”, so I wanted to use the single RFP setting because I was worried that even if I excluded only the font visibility restriction feature through the FPP overrides setting, I would miss other fingerprint protection features of the RFP. Is that sentence incorrect?...

There was a bug recently that the author pointed out to us (Bug 1897590) that was a difference, but we fixed that I believe they behave the same now.

Is it correct that Privacy.resistFingerprinting=true and Privacy.fingerprintingProtection.overrides=+AllTargets have the same effect as each other? I'm very curious about this point.

They should. If they don't, it's a bug we will prioritize.

(In reply to Kagami Rosylight [:saschanaz] (they/them) from comment #46)

Somehow the overrides pref we are talking about is changing as this thread goes on... per comment #20 I tested with -AllTargets,+FontVisibilityLangPack but per comment #43 it's +AllTargets,-FontVisibilityBaseSystem?

Yeah, the initial comment was "Here's how to test this one things specifically" and then it changed into "Here's how to enable everything except this thing you don't want."

(In reply to gfmshj6ww from comment #45)

I've tried it on the latest Nightly (128.0a1) version and it works fine with the settings below.

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem

Great!

However, in version 126 stable (Mull browser),

So I'm not going to be able to reason about Mull browser, because it's going to be setting all sorts of additional things that might interfere. (There are other font visibility preferences that could affect things, for example.)

even if I set the above, font visibility restriction is still enabled, so I set the

I should have set privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics or privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem,-FontVisibilityLangPack.

FontVisibilityRestrictGenerics is a bit complicated, TBH I'm not sure I could explain with absolute confidence what it does. It's described as "Are font visibility restrictions applied when resolving a CSS <generic-family>? (This may block the fonts selected in Preferences from actually being used.)" So -FontVisibilityRestrictGenerics means that if you set the browser's font preference* to the Samsung font, and a generic font familt like 'serif' or 'sans-serif' could resolve to it, even if it was in a restricted list. I think.

* I'm not sure you can set the default font in android off the top of my head. I know you can do it in Desktop.

-FontVisibilityBaseSystem,-FontVisibilityLangPack will remove all font restrictions, which means not only will Samsung One UI KR VF be allowed through, but so will all the other random Samsung fonts.

So, starting with Stable 128, should I use this setting: privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityRestrictGenerics instead of privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem?

I think the answer is "Use whichever of those works for you", but the second one is my recommendation.

Flags: needinfo?(tom)

(In reply to Tom Ritter [:tjr] (OOTO until mid-August) from comment #48)
Thank you so much for your detailed answer!!! From now on, I will use the following settings from version 128 as you said.
privacy.resistFingerpritning = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-FontVisibilityBaseSystem

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: