Firefox 52 Borrows One More Privacy Feature From the Tor Browser (bleepingcomputer.com) 81
An anonymous reader writes: Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts. The user privacy protection system was borrowed from the Tor Browser, where a similar mechanism blocks websites from identifying users based on the fonts installed on their computers, only returning a list of "default fonts" per each OS. While sabotaging system font queries won't stop user fingerprinting as a whole, this is just one of the latest privacy-related updates Mozilla has added to Firefox, taken from Tor. Back in July 2016, Mozilla engineers started the Tor Uplift project, which aims to improve Firefox's privacy features with the ones present in the Tor Browser.
Re:privacy is overblown (Score:5, Insightful)
if you don't have anything to hide, why worry about privacy?
...says the Anonymous Coward...
Re: privacy is overblown (Score:4, Insightful)
Hello Trump Security Council member 003421
I'm glad that you have taken interest in comrade geekmux. He has been speaking ill of Our Glorious Leader Trump for quite some time now. He will need to be sent to the Re-Edumucation Camps as soon as possible. In addition, we have reason to believe that he enjoys watching Adult Videos where interracial couples are engaging in illegal (since the racial purity act of 2019) coupling. Please be aware of the serious implications this might have on our "Christian" nation.
Please ignore the fact that the single largest denomination/sect in the US is Catholic... and as soon as you bring this fact up... "ohh no, we shouldn't become a 'Christian nation of the Catholic denomination'- nation" is said...
I'm sorry... For daring to think about facts and logic, I'll send myself to the re-edumucation camp later this evening... but please remember to enjoy trolling people who think privacy is at all important.
Re: (Score:2)
Privacy is important for individual mental health, something you obviously lack.
Re: (Score:2)
Possibly for the same reason you're using 'anonymous coward'. Of course, trolling isn't the only use for anon/pseudonymity.
Re: (Score:1)
Re: (Score:1)
Says the guy hiding their own identity.
Re: privacy is overblown (Score:1)
So you want me to implicitly trust the Internet.
How about you first, please install win95, with no patches no antivirus or defences, and store all of your private information there. After all "you have nothing to hide" right?
Re: (Score:1)
With a cavalier attitude...
Re:privacy is overblown (Score:4, Insightful)
Everyone has something to hide. You wouldn't be happy if your bank statements arrived printed on the back of a postcard. You want that information hidden inside an envelope for your privacy.
Everybody has something to hide..... (Score:2)
Re: (Score:2)
if you don't have anything to hide, why worry about privacy?
I have shit to hide.
Re: (Score:1)
RAM: yes, Firefox is somewhat porky, and with the switch to process-per-tab like Chrome that isn't likely to get better anytime soon. OTOH, I can run it in a Win10 tablet with 2G of RAM and, unless some site uses Flash and forces me to enable it, it seldom hits the resident RAM for more than a couple hundred MB. IOW workable. And if you want the ability to at least control (can't eliminate) ubiquitous tracking Chrome (and Edge/IE) are hardly what you would want to use.
Re: (Score:1)
M$-Win10 runs with only 2GB of RAM?!?
Re: (Score:1)
Re: (Score:1)
Re: How about speed and RAM usage fixes? (Score:1)
Yep, I run Firefox on my phone and it's pretty decent if you install ublock origin and turn on tracking protection for normal browsing. Have had troubles with other browsers. Dolphin was good for video but is riddled with bugs, and Chrome is a bit too Big Brother for my liking.
Re:How about speed and RAM usage fixes? (Score:5, Informative)
Same as all the others (Score:5, Interesting)
I'm sure some Firefox supporters will post a bunch of unrealistic benchmarks showing how Firefox can run some convoluted JavaScript benchmark the fastest.
No I wouldn't bother with that. I don't think benchmarks mean much. What I can say is that anecdotally I use all the major browsers routinely and whatever speed difference they have are too insignificant for me to care about. I use Firefox the most because it's the one that annoys me the least but we're talking marginal differences. Safari and Edge aren't available cross platform so they aren't contenders to me though I do use them a fair bit for various reasons. Chrome is fine too - my preference is more based on my work flow and configuration preferences than anything else.
On every computer I've tried, from Windows to OS X to Linux, Firefox feels so much slower than Chrome.
I would disagree with that based on my own usage. I use both routinely and in both cases the constraint on speed is almost always the speed of my internet connection or the speed of the database servicing the information from the other end of the line.
I wouldn't say that Chrome is as much of a winner here, but it isn't unusual for me to look at top or some other process manager and seeing Firefox with many gigabytes of resident memory.
I wouldn't say Chrome is any better at all. Not to any meaningful degree. I'm not criticizing Chrome but I think the problem is just that there is a lot of data to display and keeping a compact memory footprint while maintaining performance is actually a rather challenging problem.
Make Firefox a browser that people are excited to use, rather than one that they dread using.
"Excited to use"? I don't want to get excited about my browser. I want to not notice my browser at all. I just don't want it getting in the way of my work flow. I don't think you could make an "exciting" browser anymore. They're fairly mature technology at this point and I'm ok with that.
Re: (Score:2)
I wouldn't say Chrome is any better at all. Not to any meaningful degree.
I would go further than that. Chrome uses more memory for the same load as Firefox on my system. But generally I don't care. Memory usage doesn't concern me as long as it eventually gets released and doesn't grow uncontrollably. However I have to agree with the GP. Firefox *feels* slower to me. It's why I used Chrome in the first place.
"Excited to use"? I don't want to get excited about my browser.
I don't care about excitement, but I don't want to dread using a browser. This is something I used to do with IE and started doing with Firefox until I gave it the boot in fa
Re:How about speed and RAM usage fixes? (Score:4, Informative)
The same goes for memory usage. I wouldn't say that Chrome is as much of a winner here, but it isn't unusual for me to look at top or some other process manager and seeing Firefox with many gigabytes of resident memory. Yeah, RAM is "cheap" these days, but that doesn't mean I want it to be wasted. Browsing Slashdot and a few other web sites shouldn't lead to gigabyte after gigabyte of memory being consumed!
At least on Windows, the memory and CPU usage is somewhat difficult to compare due to the Chrome being in lots of smallish chunks, but based on my own anecdotal experience, Chrome keeps chugging quite a bit of memory and plenty of CPU per process after a while, so when you count all the processes together, Firefox is often using less CPU and about the same amount of memory than Chrome. I do use the Chrome dev tools more (better source view), but closing them does not seem to help at all.
Re: (Score:2)
We already use a browser's rendering engine for almost everything else, why not emulate fonts?
I have no doubt Firefox's crack engineers are working on fonts.js even as we speak.
Re: (Score:2)
Great then the whole page will look as shitty as the UI.
Font design is an art. Not something that can be slapped together in a few algorithms.
Donald Knuth's Metafont package is great and all, but it is no match for the combined brilliance over 400 years of human type designers.
Re: (Score:2)
That is NOT "we're going to force you to view every page in Times New Roman" it's "We'll only report to the site/server that you have the default fonts that come with the OS"
Re: (Score:2)
I'm getting really worried. I fear that sometime during 2017 we'll see Firefox drop below 5%. I wouldn't be at all surprised if 2017 ended with Firefox down around 3%.
The foundation losing all its money, followed by the sacking of the entire management team, might be the best thing that could happen for the actual Firefox web browser - in the long term, at any rate.
I know I stopped using Firefox a few years ago, once it became apparent the browser itself was of (at best) only secondary importance to the Mozilla Foundation.
I actually said this when the Foundation first... (Score:1)
started.
Most people forget that Phoenix (now known as Firefox) started as a one man independent project to cut all the bloat out of the original Mozilla Suite back in the early '00s. When it first came out it had an extremely spartan GUI, just enough stuff to make websites work, and very little customization available. However, it was faster than shit and once tabbing came in it completely embarassed the Suite's performance in comparison.
As a result of that it got bumped to official mozilla project, over ti
Fix the user agent too (Score:2, Interesting)
If they really want to help prevent fingerprinting, they would change the user agent to "Firefox." There is no reason for websites to know anything, let alone everything, the detailed user agent provides. Yeah, I know the argument of "but then there is no way to tell if they want/need mobile." Yeah, that is false, if they want mobile, the user will request mobile; plus detection scripts are notoriously inaccurate as I get served mobile pages on Chromebooks (try nfl.com with a Windows UA vs a Chromebook o
New Private Window (Score:1)
Wouldn't it be cool if Firefox's private browsing window was just Tor.
Except it doesn't prevent font fingerprinting? (Score:3)
--> Render Html (not display) in different font families|types, and measure the width of the block element.
A few ways that might defeat actual font fingerprinting:
1) UserCSS to apply a font-normalization style that is used for all pages, or
2) UserScript to replace inline requests for fonts with standard ones, before the page is rendered.... Which only some browsers can do at all.
3) Run your browser in a jailed-directory or VM, that only has standard system fonts.
If they really do care (Score:3, Insightful)
Where do I begin...
If Firefox developers really care about privacy:
- Telemetry would NOT be enabled by default
- Safebrowsing should NOT be there (- it calls home to google for every site you visit)
- The ability to disable Javascript should NOT require installation of an extension. This option used to be there more than a couple of years ago.
- about:permissions should be a menu item.
- Get rid of the stupid intrusive 'gear' button tracking crap when you visit about:blank. The page should be completely blank!
- Go to about:blank and search for http, and search for 'social'. All this calling home to Facebook and Google garbage should NOT be there!
- Geo tracking should NOT be in a browser, and should NOT be enabled by default.
This would be just the start...
Re: (Score:2)
That's not enough. It should be removed completely. Even if it were disabled by default, it would still be present. That means it could inadvertently be re-enabled. Or worse, it could potentially appear to be disabled, but behind the scenes it is actually enabled.
I can't see how they can justify keeping it in. I'm sure they'll say that they "need" the data, but that's a load of bollocks. Seeing as how Firefox keeps getting worse and worse, whatever information they
Re: (Score:2)
Letting sites track you until you close your browser is not the same as NOT being tracked. Even the hoard at slashdot doesn't get that.
Finally! (Score:4, Insightful)
I've been wondering why browsers don't do this for years now. I mean really, it was what, several years ago when it was demonstrated how thoroughly they could fingerprint a browser based off a number of characteristics, including the font list. Why on earth would my OS's entire font list be something that my browser would broadcast to any site that asked for it?!
Browsers should work the other direction: Only give information that is needed, and in the case of fonts, just give me the site. If I have a particular font, great, if not, it gets rendered in whatever I have. I'm not concerned.
Re: (Score:2)
Only possible if your browser is willing to part with that information in the first place.
Shouldn't they borrow all/most features? (Score:1)