Privacy/Features/Pref to limit number of fonts loaded per tab
Status
| Provide about:config pref to limit number of fonts loaded per tab | |
| Stage | Definition |
| Status | In progress |
| Release target | ` |
| Health | OK |
| Status note | ` |
Team
| Product manager | Sid Stamm |
| Directly Responsible Individual | ` |
| Lead engineer | ` |
| Security lead | ` |
| Privacy lead | ` |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
EFF's Panoptclock project showed that the fonts installed (and their order) provide 14 bits of entropy to identify users.
2. Users & use cases
-Privacy enhancing tools/addons such as the Tor browsing bundle that could enable this setting without needing to have a firefox fork. -Web Users wanting to reduce their web fingerprint (maybe triggered by private mode) -Web developers wanting to check the fallbacks of their sites.
3. Dependencies
None
4. Requirements
- Must not break (as in make unreadable) international sites. - Must not leak any extra information per page load (solutions might leak information to the same site between loads are not acceptable). - It must stop CSS and Javascript leaks. - Must not prevent chrome from using local fonts.
Non-goals
-Will not try to prevent bad web renderings (bad sizes due the assumptions on the fonts rendered) -Will not prevent OS identification. Each OS has different default fonts and redenering engines, which have layout differences. -Will not prevent font enumeratioon via plugins such as flash.
Stage 2: Design
5. Functional specification
When the setting is enabled, the system will only render w3c generic fonts (serif, sans-serif, monospace, cursive, or fantasy) or downloadable fonts. This will be more expressive than the 'use_document_fonts' preference.
6. User experience design
There will be no UX. The change will be a preference that would be disabled by default.
Stage 3: Planning
7. Implementation plan
We will make changes on "layout/style/nsRuleNode.cpp" so that the CSS fonts would be limited to our font selection. This will be done in two stages:
1. Only allow generic fonts, this would reuse most of the code on related to use_document_fonts. 2. Also allow webfonts, This will be tricky as we need to create a list of valid dowloaded fonts per document. This list would be then checked at the same point to see of we need font replacement or not.
8. Reviews
Security review
`
Privacy review
`
Localization review
This is my largest concern. Currently I manually test against several non-western pages, but I think need a more automated and more comprehensive test/
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
This is tagged with bug 732096 https://bugzilla.mozilla.org/show_bug.cgi?id=732096
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | P3 |
| Rank | 999 |
| Theme / Goal | Advancing Anonymity |
| Roadmap | Privacy |
| Secondary roadmap | ` |
| Feature list | ` |
| Project | ` |
| Engineering team | ` |
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
