
Firefox 52 Borrows One More Privacy Feature From the Tor Browser

An anonymous reader writes: Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts. The user privacy protection system was borrowed from the Tor Browser, where a similar mechanism blocks websites from identifying users based on the fonts installed on their computers, only returning a list of "default fonts" per each OS. While sabotaging system font queries won't stop user fingerprinting as a whole, this is just one of the latest privacy-related updates Mozilla has added to Firefox, taken from Tor. Back in July 2016, Mozilla engineers started the Tor Uplift project, which aims to improve Firefox's privacy features with the ones present in the Tor Browser.

  • by Anonymous Coward

    If they really want to help prevent fingerprinting, they would change the user agent to "Firefox." There is no reason for websites to know anything, let alone everything, the detailed user agent provides. Yeah, I know the argument of "but then there is no way to tell if they want/need mobile." Yeah, that is false, if they want mobile, the user will request mobile; plus detection scripts are notoriously inaccurate as I get served mobile pages on Chromebooks (try with a Windows UA vs a Chromebook o

  • by Anonymous Coward

    Wouldn't it be cool if Firefox's private browsing window was just Tor.

  • by CrashNBrn ( 1143981 ) on Friday December 30, 2016 @03:08PM (#53580321)
    Blocking a request for installed fonts is a feel-good outlier, which does nothing to prevent font fingerprinting:
    --> Render HTML (not display) in different font families|types, and measure the width of the block element.

    A few ways that might defeat actual font fingerprinting:
    1) UserCSS to apply a font-normalization style that is used for all pages, or
    2) UserScript to replace inline requests for fonts with standard ones, before the page is rendered.... Which only some browsers can do at all.
    3) Run your browser in a jailed-directory or VM, that only has standard system fonts.
  • by Anonymous Coward on Friday December 30, 2016 @04:09PM (#53580779)

    Where do I begin...

    If Firefox developers really care about privacy:
    - Telemetry would NOT be enabled by default
    - Safebrowsing should NOT be there (it calls home to Google for every site you visit)
    - The ability to disable JavaScript should NOT require installation of an extension. This option used to be there more than a couple of years ago.
    - about:permissions should be a menu item.
    - Get rid of the stupid intrusive 'gear' button tracking crap when you visit about:blank. The page should be completely blank!
    - Go to about:blank and search for http, and search for 'social'. All this calling home to Facebook and Google garbage should NOT be there!
    - Geo tracking should NOT be in a browser, and should NOT be enabled by default.

    This would be just the start...

    • by Anonymous Coward

      - Telemetry would NOT be enabled by default

      That's not enough. It should be removed completely. Even if it were disabled by default, it would still be present. That means it could inadvertently be re-enabled. Or worse, it could potentially appear to be disabled, but behind the scenes it is actually enabled.

      I can't see how they can justify keeping it in. I'm sure they'll say that they "need" the data, but that's a load of bollocks. Seeing as how Firefox keeps getting worse and worse, whatever information they

    • And add fine-grained cookie permissions like another browser has. Oh, that other browser is older versions of Firefox.

      Letting sites track you until you close your browser is not the same as NOT being tracked. Even the horde at Slashdot doesn't get that.
  • Finally! (Score:4, Insightful)

    by Zitchas ( 713512 ) on Friday December 30, 2016 @04:51PM (#53581081) Journal

    I've been wondering why browsers don't do this for years now. I mean really, it was what, several years ago when it was demonstrated how thoroughly they could fingerprint a browser based off a number of characteristics, including the font list. Why on earth would my OS's entire font list be something that my browser would broadcast to any site that asked for it?!

    Browsers should work the other direction: Only give information that is needed, and in the case of fonts, just give me the site. If I have a particular font, great, if not, it gets rendered in whatever I have. I'm not concerned.

  • That's a good start but shouldn't they borrow all/most features?
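
An added example, not part of the original thread or of Firefox's code: a small model of how a per-OS font allowlist, as described in the summary, affects the width-measurement signal raised in CrashNBrn's comment. It assumes the allowlist is enforced when a font-family stack is resolved; the font lists, user profiles and function names are constructed for illustration.

```javascript
// Models font-family resolution with and without a per-OS font allowlist.
// All font names, lists and profiles below are constructed sample data.
const GENERIC_FALLBACK = "serif"; // used when no named font is available

// Hypothetical per-OS allowlist ("default fonts"); not Firefox's real list.
const ALLOWLIST = {
  windows: ["Arial", "Times New Roman", "Courier New"],
  linux: ["DejaVu Sans", "DejaVu Serif", "DejaVu Sans Mono"],
};

// Resolve a CSS font-family stack to the face that would actually be used.
// With an allowlist, an installed font outside the list is treated as absent
// (assumption: enforcement happens at resolution, not only at enumeration).
function resolveFont(stack, installed, allowlist = null) {
  const visible = new Set(
    allowlist ? installed.filter((f) => allowlist.includes(f)) : installed
  );
  const names = stack.split(",").map((s) => s.trim().replace(/^["']|["']$/g, ""));
  for (const name of names) {
    if (visible.has(name)) return name;
  }
  return GENERIC_FALLBACK;
}

// What a page can observe per probed font: "1" if rendering switched to the
// probed face (its metrics differ from the fallback), "0" if it fell back.
function observableProfile(probes, installed, allowlist = null) {
  return probes
    .map((p) => (resolveFont(`"${p}", ${GENERIC_FALLBACK}`, installed, allowlist) === p ? "1" : "0"))
    .join("");
}

// Two constructed Windows users who differ only in extra installed fonts.
const userA = ["Arial", "Times New Roman", "Courier New", "Helvetica Neue", "Fira Code"];
const userB = ["Arial", "Times New Roman", "Courier New", "Comic Neue"];
const probes = ["Arial", "Helvetica Neue", "Fira Code", "Comic Neue", "Courier New"];

function compare() {
  return {
    withoutA: observableProfile(probes, userA),
    withoutB: observableProfile(probes, userB),
    withA: observableProfile(probes, userA, ALLOWLIST.windows),
    withB: observableProfile(probes, userB, ALLOWLIST.windows),
  };
}

console.log(compare());
```

Without the allowlist the two profiles differ; with it, both users collapse to the same profile as every other user on that OS, which is the anonymity set the feature aims for.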
