Closed Bug 1960446 Opened 6 months ago Closed 2 months ago

FontFace API doesn't respect font fingerprinting protection in workers

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Tracking

RESOLVED FIXED
144 Branch
Tracking Status
firefox144 --- fixed

People

(Reporter: fkilic, Assigned: fkilic)

References

(Blocks 1 open bug)

Attachments

(1 file, 1 obsolete file)

While I was testing bug 1937096, I realized FontFace also doesn't protect against font fingerprinting. See https://abrahamjuliot.github.io/fpworker/ (fonts loaded is the FontFace API, and fonts detected is the offscreen measure text).

I'll also submit a smaller POC.

Running

const blobURL = URL.createObjectURL(
  new Blob(
    [
      "self.addEventListener(",
      "'message',",
      "async function (e) {",
      "  const font = e.data;",
      "  const fontFace = new FontFace(font, 'local(\"' + font + '\")');",
      "  await fontFace.load();",
      "  self.postMessage({",
      "    font: font,",
      "    status: fontFace.status,",
      "  });",
      "});",
    ],
    { type: "application/javascript" }
  )
);
const worker = new Worker(blobURL);
worker.onmessage = console.log;
worker.postMessage("Roboto")

on my OSX machine returns fulfilled, but running

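async function tryLoadingFont(e) {
  const font = e.data;
  const fontFace = new FontFace(font, 'local("' + font + '")');
  await fontFace.load();
  return { font: font, status: fontFace.status };
}

// Pass the same { data } shape the worker's message event has, so that
// e.data is "Roboto" rather than undefined.
await tryLoadingFont({ data: "Roboto" })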

correctly fails to load the font.

I assume here we don't have pres context in workers. Luckily, we now have a not-so-much-of-an-interface-but-almost-an-interface called FontVisibilityProvider. All we have to do is extend it for workers! (Though I would also really like to fix the "almost-an-interface" by turning this into an actual base class and extending it for types rather than storing a bunch of null ptrs and one non-null ptr inside one class.)
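
A parity check built on the two snippets in the comment above, as an added example that is not part of the original report or of Firefox's code: it probes one family in the window and in a worker and flags the case this bug describes, where the worker loads a font the window refuses. The function names (`probeLocalFont`, `probeInWorker`, `classify`, `checkFamily`), the verdict strings and the 5-second timeout are assumptions made for this sketch.

```javascript
// Added example, not Firefox code. FontFace, Worker and Blob are browser APIs;
// the function names and verdict strings are chosen for this sketch.

// Resolve to FontFace.status instead of rejecting: load() rejects when the
// font is unavailable, and a worker that throws would never post a reply.
async function probeLocalFont(family, FontFaceCtor = FontFace) {
  const face = new FontFaceCtor(family, 'local("' + family + '")');
  try { await face.load(); } catch (_) { /* face.status is now "error" */ }
  return face.status;
}

// Run the same probe inside a blob worker, with a timeout so a silent worker
// is reported rather than awaited forever.
function probeInWorker(family, timeoutMs = 5000) {
  const src = probeLocalFont + "\nself.onmessage = async (e) =>" +
    " self.postMessage(await probeLocalFont(e.data));";
  const url = URL.createObjectURL(new Blob([src], { type: "application/javascript" }));
  const worker = new Worker(url);
  return new Promise((resolve) => {
    const finish = (status) => {
      clearTimeout(timer);
      worker.terminate();
      URL.revokeObjectURL(url);
      resolve(status);
    };
    const timer = setTimeout(() => finish("timeout"), timeoutMs);
    worker.onmessage = (e) => finish(e.data);
    worker.onerror = () => finish("worker-error");
    worker.postMessage(family);
  });
}

// Compare the two contexts. Only "loaded" and "error" are final statuses.
function classify(family, windowStatus, workerStatus) {
  const result = { family, windowStatus, workerStatus };
  const final = (s) => s === "loaded" || s === "error";
  if (!final(windowStatus) || !final(workerStatus)) return { ...result, verdict: "inconclusive" };
  if (windowStatus === workerStatus) return { ...result, verdict: "consistent" };
  // Worker loads a font the window refuses: the behaviour this bug reports.
  return { ...result, verdict: workerStatus === "loaded" ? "worker-leak" : "worker-stricter" };
}

async function checkFamily(family, inWindow = probeLocalFont, inWorker = probeInWorker) {
  const [windowStatus, workerStatus] = await Promise.all([inWindow(family), inWorker(family)]);
  return classify(family, windowStatus, workerStatus);
}
```

A `consistent` verdict only shows that the worker and the window agree; when both report `loaded`, the font may simply be one the protection allows.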

Depends on: 1937096
Attached file (secure)
Assignee: nobody → fkilic
Status: NEW → ASSIGNED
Attachment #9479181 - Attachment is obsolete: true
Attachment #9479182 - Attachment description: WIP: Bug 1960446: Add FontVisibilityProvider to Workers, add GetFontVisibilityProvider to FontFaceSet implementations, and use the FontVisibilityProvider of UserFontSet → Bug 1960446: Add FontVisibilityProvider to Workers, add GetFontVisibilityProvider to FontFaceSet implementations, and use the FontVisibilityProvider of UserFontSet. r?tjr,edenchuang
Attachment #9479182 - Attachment description: Bug 1960446: Add FontVisibilityProvider to Workers, add GetFontVisibilityProvider to FontFaceSet implementations, and use the FontVisibilityProvider of UserFontSet. r?tjr,edenchuang → (secure)
Pushed by fkilic@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/6fc1eeb620ac https://hg.mozilla.org/integration/autoland/rev/a29be6b85f49 Add FontVisibilityProvider to Workers, add GetFontVisibilityProvider to FontFaceSet implementations, and use the FontVisibilityProvider of UserFontSet. r=tjr,edenchuang,jfkthame
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 144 Branch
Summary: FontFace doesn't protected against font fingerprinting in workers → FontFace API doesn't respect font fingerprinting protection in workers
Regressions: 1987235
Group: mozilla-employee-confidential
QA Whiteboard: [qa-triage-done-c145/b144]