Skip to content

Only use a subset of user-installed fonts to farble #34043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
arthuredelstein opened this issue Nov 1, 2023 · 5 comments · Fixed by brave/brave-core#20805
Closed

Only use a subset of user-installed fonts to farble #34043

arthuredelstein opened this issue Nov 1, 2023 · 5 comments · Fixed by brave/brave-core#20805
Assignees
@arthuredelstein
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include
Milestone
1.62.x - Release

Comments

@arthuredelstein
Copy link

arthuredelstein commented Nov 1, 2023
edited
Loading

We are going to constrain font farbling to only those that are present on the fingerprint.js script.
@arthuredelstein arthuredelstein added OS/Android Fixes related to Android browser functionality OS/Desktop labels Nov 1, 2023
@arthuredelstein arthuredelstein self-assigned this Nov 1, 2023
@arthuredelstein arthuredelstein changed the title font whitelist only leak of subset of fonts when farbling Nov 1, 2023
@arthuredelstein arthuredelstein mentioned this issue Nov 1, 2023
Merged
25 tasks
@arthuredelstein arthuredelstein changed the title only leak of subset of fonts when farbling only use a subset of user-installed fonts to farble Nov 1, 2023
@brave-builds brave-builds added this to the 1.62.x - Nightly milestone Nov 3, 2023
@stephendonner
Copy link

Hi @arthuredelstein ! Mind adding a testplan here, when you get a chance? Thanks! Adding QA/Blocked and QA/Test-Plan-Required just until we've got that, and then we'll be fully unblocked 👍

@arthuredelstein
Copy link
Author

QA test plan: Please confirm that this test still behaves as expected: https://dev-pages.brave.software/fingerprinting/fonts.html
Also it may be useful to repeat the test with a difference preferred language.

@arthuredelstein arthuredelstein mentioned this issue Nov 18, 2023
Closed
@arthuredelstein arthuredelstein mentioned this issue Nov 22, 2023
Closed
25 tasks
@stephendonner
Copy link

stephendonner commented Nov 22, 2023
edited
Loading

Verification PASSED using

Brave | 1.62.73 Chromium: 119.0.6045.163 (Official Build) nightly (x86_64)
-- | --
Revision | 522e9147d931744b1641084046c197caf7b341f0
OS | macOS Version 11.7.10 (Build 20G1427)

Steps:

  1. installed 1.62.73
  2. launched Brave
  3. loaded https://dev-pages.brave.software/fingerprinting/fonts.html
  4. followed the instructions from the above page (I already have fredoka one installed from past tests; the font is no longer available at the link provided)
  5. clicked Start tests
  6. confirmed the Control and Test widths of the sample string mmmmmmmmmmlli are the same
  7. clicked on the Other site link at https://dev-pages.brave.software/fingerprinting/fonts.html

Confirmed both sets of test pages pass

example example example
Screen Shot 2023-11-22 at 11 40 31 AM Screen Shot 2023-11-22 at 11 36 24 AM Screen Shot 2023-11-22 at 11 36 33 AM

Also installed and configured Spanish - United States:

example example example example
Captura de Pantalla 2023-11-22 a la(s) 11 46 19 a  m Captura de Pantalla 2023-11-22 a la(s) 11 49 10 a  m Captura de Pantalla 2023-11-22 a la(s) 11 49 19 a  m Captura de Pantalla 2023-11-22 a la(s) 11 49 23 a  m

@MadhaviSeelam
Copy link

MadhaviSeelam commented Dec 8, 2023
edited
Loading

Verification Passed using

Brave | 1.62.100 Chromium: 120.0.6099.71 (Official Build) beta (64-bit)
-- | --
Revision | ac084eaa0f81aa9ef631c2ca81a02469a4ee1a4a
OS | Windows 11 Version 22H2 (Build 22621.2715)

Steps:

  1. installed 1.62.100
  2. launched Brave
  3. loaded https://dev-pages.brave.software/fingerprinting/fonts.html
  4. followed the instructions from the above page (installed fredoka one via github; the font is no longer available at the link provided)
  5. clicked Start tests
  6. confirmed the Control and Test widths of the sample string mmmmmmmmmmlli are the same
  7. clicked on the Other site link at https://dev-pages.brave.software/fingerprinting/fonts.html

Confirmed both sets of test pages pass

example example example
image image image

Also installed and configured France:

example example example example
image image image image

@arthuredelstein arthuredelstein added OS/Android Fixes related to Android browser functionality and removed OS/Android Fixes related to Android browser functionality labels Jan 3, 2024
@hffvld
Copy link
Contributor

hffvld commented Jan 10, 2024

Verified on Pixel 7 using version(s):

Device/OS: Pixel 7 / panther_beta-user 14 AP11.231020.013.A1 release-keys
Brave build: 1.62.130
Chromium: 120.0.6099.199 (Official Build) beta (64-bit)

Filed follow-up issue #35188

STEPS:

  1. Use Samsung device
  2. Launch Chrome > Go to https://arthuredelstein.net/demos/font.html
  3. Confirm that Attempting to load Samsung Color Emoji uses Samsung emoji design
  4. Launch Brave > Go to https://arthuredelstein.net/demos/font.html
  5. Disable Brave Shields > Confirm that Attempting to load Samsung Color Emoji uses Samsung emoji design
  6. Now enable Brave shields > Refresh the page > Observe, that Brave still uses Samsung emoji design instead of Google Noto Emoji design

ACTUAL RESULTS:

  • Observed that font restrictions are not getting applied on Android devices.
Chrome Brave. Shields OFF Brave. Shields ON
1 2 3

@rebron rebron changed the title only use a subset of user-installed fonts to farble Only use a subset of user-installed fonts to farble Jan 23, 2024
@LaurenWags LaurenWags mentioned this issue Jan 24, 2024
Closed
@kjozwiak kjozwiak mentioned this issue Jan 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthuredelstein arthuredelstein

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include
Projects
None yet
Milestone
1.62.x - Release
Development

Successfully merging a pull request may close this issue.

Only allow farbling of a subset of user-installed fonts brave/brave-core
6 participants
@arthuredelstein @stephendonner @LaurenWags @brave-builds @MadhaviSeelam @hffvld