Privacy/Features/Pref to limit number of fonts loaded per tab

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Provide about:config pref to limit number of fonts loaded per tab
Stage Definition
Status In progress
Release target `
Health OK
Status note `


Product manager Sid Stamm
Directly Responsible Individual `
Lead engineer `
Security lead `
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks


Stage 1: Definition

1. Feature overview

EFF's Panoptclock project showed that the fonts installed (and their order) provide 14 bits of entropy to identify users.

2. Users & use cases

-Privacy enhancing tools/addons such as the Tor browsing bundle that could enable this setting without needing to have a firefox fork. -Web Users wanting to reduce their web fingerprint (maybe triggered by private mode) -Web developers wanting to check the fallbacks of their sites.

3. Dependencies


4. Requirements

- Must not break (as in make unreadable) international sites. - Must not leak any extra information per page load (solutions might leak information to the same site between loads are not acceptable). - It must stop CSS and Javascript leaks. - Must not prevent chrome from using local fonts.


-Will not try to prevent bad web renderings (bad sizes due the assumptions on the fonts rendered) -Will not prevent OS identification. Each OS has different default fonts and redenering engines, which have layout differences. -Will not prevent font enumeratioon via plugins such as flash.

Stage 2: Design

5. Functional specification

When the setting is enabled, the system will only render w3c generic fonts (serif, sans-serif, monospace, cursive, or fantasy) or downloadable fonts. This will be more expressive than the 'use_document_fonts' preference.

6. User experience design

There will be no UX. The change will be a preference that would be disabled by default.

Stage 3: Planning

7. Implementation plan

We will make changes on "layout/style/nsRuleNode.cpp" so that the CSS fonts would be limited to our font selection. This will be done in two stages:

1. Only allow generic fonts, this would reuse most of the code on related to use_document_fonts. 2. Also allow webfonts, This will be tricky as we need to create a list of valid dowloaded fonts per document. This list would be then checked at the same point to see of we need font replacement or not.

8. Reviews

Security review


Privacy review


Localization review

This is my largest concern. Currently I manually test against several non-western pages, but I think need a more automated and more comprehensive test/



Quality Assurance review


Operations review


Stage 4: Development

9. Implementation

This is tagged with bug 732096

Stage 5: Release

10. Landing criteria


Feature details

Priority P3
Rank 999
Theme / Goal Advancing Anonymity
Roadmap Privacy
Secondary roadmap `
Feature list `
Project `
Engineering team `

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `