- Mozilla Connect
- Ideas
- Make “Use Document Fonts” a Site Preference
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Picking from this request for blocking font fingerprinting and also picking along this request to allow specific fonts for pages.
While Firefox makes an effort to block font fingerprinting, this effort is, or at least acts as-if, notoriously limited to known JS-based fingerprinters only. The about:config toggles for CSS font visibility say to distinguish between "system fonts" and "user fonts" but no mechanism is provided to check what fonts fall into each category or why. For example, on Linux any font installed via the package manager is detected as a system font, which causes issues as this makes the system trivially fingerprintable because the font selection of a user is determined by fonts they have installed for tasks beyond their browser.
There is, however, a more direct means to further limit font fingerprinting without causing much issue: make "Use Document Fonts" (pref 'browser.display.use_document_fonts') a Site Preference instead of a global. On sites where the user enables this the renderer would be able to use whatever available fonts (be they local or remote, incl.: FontAwesome) whereas on sites where this is not set, which would include eg.: third-party scripts running in the background, they would not be able to see the font list from that source.
This provides a nice middle ground between the current capabilities of "Use Document Fonts", which is far too nuclear a solution, and some requests to individually set per site what fonts would be allowed, which would lead to copious micromanagement as well as clutter whatever available UI could be designed (just to provide an example: on a Linux system that packages the supplementary Noto Fonts, that adds ~180 font names to each of sans, serif and monospace to the font selector dialog!).
"Use Document Fonts" is but the first of a number of settings that I feel should be converted to per-site preferences in order to improve *all of* privacy, security and accessibility. I will submit new ideas on what other preferences could be included in due time.
- New idea 8,193
- Trending idea 65
- Needs more 1
- In review 12
- Exploring more 11
- In development 70
- Not right now 8
- Delivered 185
- Closed 23
