Privacy/Features/Pref to limit number of fonts loaded per tab
Status
Provide about:config pref to limit number of fonts loaded per tab | |
Stage | Definition |
Status | In progress |
Release target | ` |
Health | OK |
Status note | ` |
Team
Product manager | Sid Stamm |
Directly Responsible Individual | ` |
Lead engineer | ` |
Security lead | ` |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | ` |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
EFF's Panoptclock project showed that the fonts installed (and their order) provide 14 bits of entropy to identify users.
2. Users & use cases
-Privacy enhancing tools/addons such as the Tor browsing bundle that could enable this setting without needing to have a firefox fork. -Web Users wanting to reduce their web fingerprint (maybe triggered by private mode) -Web developers wanting to check the fallbacks of their sites.
3. Dependencies
None
4. Requirements
- Must not break (as in make unreadable) international sites. - Must not leak any extra information per page load (solutions might leak information to the same site between loads are not acceptable). - It must stop CSS and Javascript leaks. - Must not prevent chrome from using local fonts.
Non-goals
-Will not try to prevent bad web renderings (bad sizes due the assumptions on the fonts rendered) -Will not prevent OS identification. Each OS has different default fonts and redenering engines, which have layout differences. -Will not prevent font enumeratioon via plugins such as flash.
Stage 2: Design
5. Functional specification
When the setting is enabled, the system will only render w3c generic fonts (serif, sans-serif, monospace, cursive, or fantasy) or downloadable fonts. This will be more expressive than the 'use_document_fonts' preference.
6. User experience design
There will be no UX. The change will be a preference that would be disabled by default.
Stage 3: Planning
7. Implementation plan
We will make changes on "layout/style/nsRuleNode.cpp" so that the CSS fonts would be limited to our font selection. This will be done in two stages:
1. Only allow generic fonts, this would reuse most of the code on related to use_document_fonts. 2. Also allow webfonts, This will be tricky as we need to create a list of valid dowloaded fonts per document. This list would be then checked at the same point to see of we need font replacement or not.
8. Reviews
Security review
`
Privacy review
`
Localization review
This is my largest concern. Currently I manually test against several non-western pages, but I think need a more automated and more comprehensive test/
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
This is tagged with bug 732096 https://bugzilla.mozilla.org/show_bug.cgi?id=732096
Stage 5: Release
10. Landing criteria
`
Feature details
Priority | P3 |
Rank | 999 |
Theme / Goal | Advancing Anonymity |
Roadmap | Privacy |
Secondary roadmap | ` |
Feature list | ` |
Project | ` |
Engineering team | ` |
Team status notes
status | notes | |
Products | ` | ` |
Engineering | ` | ` |
Security | ` | ` |
Privacy | ` | ` |
Localization | ` | ` |
Accessibility | ` | ` |
Quality assurance | ` | ` |
User experience | ` | ` |
Product marketing | ` | ` |
Operations | ` | ` |