Intent to ship: Font Visibility Restrictions in private browsing windows


Tim Huang

Aug 28, 2023, 10:06:39 AM
to dev-platform
We intend to enable font visibility restrictions in private browsing windows from Fx118. To reduce entropy exposed by fonts, we restrict the visibility of fonts to websites. The protection prevents websites from accessing all non-system and non-langpack fonts.


Standard: n/a

Platform coverage:
It applies on all desktop platforms, including Windows, Mac, and Linux. We won't cover Android momentarily, but we are working on it.

Preference:
The font visibility restrictions in PBM are behind the pref "privacy.fingerprintingProtection.pbmode". We will set this pref to true to enable this protection in private browsing windows. For normal windows, there is another pref called "privacy.fingerprintingProtection" to control the behavior.

This feature was previously discussed in this "Intent to prototype" thread: https://groups.google.com/a/mozilla.org/g/dev-platform/c/tKOOrYXDoHA/m/X4mj4nc-AgAJ
More information can be found there.

--
Tim Huang
Mozilla


Gijs Kruitbosch

Aug 29, 2023, 1:53:29 PM
to Tim Huang, dev-platform

Does this apply even for people who have not flipped `privacy.fingerprintingProtection`? And do we have a sense of how many websites would be affected in terms of actually displaying differently as a result?

~ Gijs


Tim Huang

Aug 30, 2023, 6:03:31 AM
to Gijs Kruitbosch, dev-platform
Yes, the font visibility restriction will apply to people who don't have `privacy.fingerprintingProtection` flipped. However, the behavior only affects private browsing windows. It won't apply to the normal browsing windows.

We have tested the top tier sites and top designer sites. So far, we haven't found any font-related issues on those sites. So, we believe the protection won't affect the browsing experience of daily usage to average users.

Chris Peterson

Sep 5, 2023, 2:48:49 PM
to dev-pl...@mozilla.org
Do we have any telemetry (like use counters) to measure when a site uses a non-system or non-langpack font? Do we know of any sites that use non-system or non-langpack fonts? I imagine a common case (besides fingerprinting) would be sites using Helvetica, not realizing it's not a default Windows font.

I've been dogfooding the various incarnations of these font visibility prefs ("layout.css.font-visibility.level", "layout.css.font-visibility.standard", "layout.css.font-visibility", and "privacy.fingerprintingProtection") to only show base system fonts on Windows since 2020 (bug 1634677) and haven't noticed any obvious site breakage. (Caveat: I've only tested English language sites.)

Tim Huang

Sep 12, 2023, 11:46:17 AM
to Chris Peterson, dev-pl...@mozilla.org
AFAICT, we don't have telemetry currently for this purpose. We tested top sites and top designer sites to see if font visibility restriction causes breakage. So far, we haven't seen any breakages on the sites we tested.

Chris Peterson

Sep 12, 2023, 2:28:11 PM
to Tim Huang, dev-pl...@mozilla.org
Safari has blocked web content from using local user-installed fonts since 2018 (Safari 12 on macOS 10.14), so the webcompat risk seems like it should be low in 2023. OTOH, this 2021 article points to tweets and Stack Overflow posts from web developers frustrated by Safari's behavior.

https://dev.to/masakudamatsu/don-t-locally-host-google-fonts-for-the-sake-of-safari-bkg

https://gizmodo.com/apple-declares-war-on-browser-fingerprinting-the-sneak-1826549108