Status
Provide about:config pref to limit number of fonts loaded per tab | |
Stage | Definition |
Status | In progress |
Release target | ` |
Health | OK |
Status note | ` |
Team
Product manager | Sid Stamm |
Directly Responsible Individual | ` |
Lead engineer | ` |
Security lead | ` |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | ` |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
EFF's Panopticlick project showed that the fonts installed (and their order) provide 14 bits of entropy to identify users.
2. Users & use cases
- Privacy-enhancing tools/add-ons such as the Tor Browser Bundle, which could enable this setting without needing a Firefox fork.
- Web users wanting to reduce their web fingerprint (maybe triggered by private mode).
- Web developers wanting to check the fallbacks of their sites.
3. Dependencies
None
4. Requirements
- Must not break (as in make unreadable) international sites.
- Must not leak any extra information per page load (solutions that might leak information to the same site between loads are not acceptable).
- It must stop CSS and JavaScript leaks.
- Must not prevent the browser chrome from using local fonts.
Non-goals
- Will not try to prevent bad web renderings (bad sizes due to assumptions about the fonts rendered).
- Will not prevent OS identification. Each OS has different default fonts and rendering engines, which have layout differences.
- Will not prevent font enumeration via plugins such as Flash.
Stage 2: Design
5. Functional specification
When the setting is enabled, the system will only render W3C generic fonts (serif, sans-serif, monospace, cursive, or fantasy) or downloadable fonts. This will be more expressive than the 'use_document_fonts' preference.
6. User experience design
There will be no UX. The change will be a preference that would be disabled by default.
Stage 3: Planning
7. Implementation plan
We will make changes to "layout/style/nsRuleNode.cpp" so that the CSS fonts are limited to our font selection. This will be done in two stages:
1. Only allow generic fonts. This would reuse most of the code related to use_document_fonts.
2. Also allow webfonts. This will be tricky, as we need to create a list of valid downloaded fonts per document. This list would then be checked at the same point to see whether we need font replacement or not.
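The check described in the two stages above, as an added example (not Mozilla's code and not taken from nsRuleNode.cpp): `FilterFontFamilies`, `Normalize` and `docWebFonts` are hypothetical names, and the per-document list is assumed to hold lowercase family names collected from the document's own @font-face rules.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Trim surrounding whitespace and lowercase (family names match caselessly).
static std::string Normalize(std::string s) {
  s.erase(0, s.find_first_not_of(" \t\n"));
  s.erase(s.find_last_not_of(" \t\n") + 1);
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  return s;
}

// Keep unquoted generic keywords (stage 1) and families the document declared
// itself (stage 2); any other name would probe locally installed fonts.
// Assumption: an empty result means the caller uses the default font.
std::vector<std::string> FilterFontFamilies(
    const std::string& familyList, const std::set<std::string>& docWebFonts) {
  static const std::set<std::string> kGenerics = {
      "serif", "sans-serif", "monospace", "cursive", "fantasy"};
  std::vector<std::string> kept;
  std::string cur;
  char quote = 0;          // active quote character, 0 when outside quotes
  bool wasQuoted = false;  // a quoted "serif" is a family name, not a generic
  for (char c : familyList + ",") {  // trailing comma flushes the last entry
    if (quote) {
      if (c == quote) quote = 0;
      else cur += c;
    } else if (c == '"' || c == '\'') {
      quote = c; wasQuoted = true;
    } else if (c == ',') {
      std::string name = Normalize(cur);
      bool generic = !wasQuoted && kGenerics.count(name) > 0;
      if (!name.empty() && (generic || docWebFonts.count(name) > 0))
        kept.push_back(name);
      cur.clear(); wasQuoted = false;
    } else {
      cur += c;
    }
  }
  return kept;
}

int main() {  // constructed sample input
  for (const auto& f : FilterFontFamilies("Arial, 'MyWebFont', serif", {"mywebfont"}))
    std::cout << f << "\n";
}
```

An entry with an unterminated quote is never flushed, so malformed lists fail closed rather than letting a local font name through.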
8. Reviews
Security review
`
Privacy review
`
Localization review
This is my largest concern. Currently I manually test against several non-western pages, but I think I need a more automated and more comprehensive test.
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
This is tagged with bug 732096 https://bugzilla.mozilla.org/show_bug.cgi?id=732096
Stage 5: Release
10. Landing criteria
`
Feature details
Priority | P3 |
Rank | 999 |
Theme / Goal | Advancing Anonymity |
Roadmap | Privacy |
Secondary roadmap | ` |
Feature list | ` |
Project | ` |
Engineering team | ` |
Team status notes
status | notes | |
Products | ` | ` |
Engineering | ` | ` |
Security | ` | ` |
Privacy | ` | ` |
Localization | ` | ` |
Accessibility | ` | ` |
Quality assurance | ` | ` |
User experience | ` | ` |
Product marketing | ` | ` |
Operations | ` | ` |