Saturday, January 14, 2017

Firefox 52 Adds a Tor-Like Font Whitelist to Prevent Fingerprinting through OS Fonts

Researchers from Mozilla scheduled the release of a stable build of Firefox 52, and the build’s significance comes from a Tor-esque privacy implementation. In Bug 1121643, a user-submitted bug report from 2015, a user posted that a system’s fonts exposed information about that user. Then, as another user commented, Tor developers issued a patch: “Bug #13313: Pref ‘font.system.whitelist.’” Tor’s patch for font fingerprinting initially landed in a remote tracking branch of an early version (5.0-1-build3) of tor-browser-38.1.0esr-5.0-1. The “bug fix,” if you will, has stayed with Tor since and will become a part of Firefox as of March 7, 2017.

Browser fingerprinting, just like any form of de-anonymization, is not a new type of internet tracking. In many recent cases, the issue relied heavily on human error. Granted, the de-anonymization or pseudo-identification of a browser’s user works both ways. Firefox often pulled privacy techniques from Tor developers and builds, and in turn Tor relied on Mozilla’s Firefox Extended Support Release builds to compose the Tor Browser Bundle.

A security-focused relationship began to grow between the two organizations after the FBI refused to disclose its Tor exploit, one that also affected Firefox users. Firefox developers started working on the “Tor Uplift project,” which ultimately aimed to reduce fingerprinting in Firefox builds. The fixes implemented first were often basic ones. For instance, if a website requested the value of “screen.orientation.angle” from a Firefox user, Firefox started returning the virtually worthless value of “0.”

Similarly, in 2016, security researcher Jose Carlos Norte demonstrated a JavaScript flaw in Tor that allowed fingerprinting through page scrolling. Threat actors, in theory, could take advantage of a security flaw like the one Norte disclosed. He notably pointed out that most known methods of browser fingerprinting originated from issues with JavaScript implementation. We covered the potential flaw in a 2016 article:

“The mouse wheel event in Tor Browser (and most browsers) leaks information of the underlying hardware used to scroll the web page. The event provides information about the delta scrolled, however, if you are using an ordinary computer mouse with a mouse wheel, the delta is always three, but if you are using a trackpad, the deltas are variable and related to your trackpad and your usage patterns.” (jcarlosnorte.com)

Mozilla’s font whitelist patch, in its proposed form, implements a list of permitted, or “whitelisted,” fonts. When a website requests a machine’s font families, the whitelist would then, again in theory, prevent the website from identifying the operating system beyond a predefined level. While this patch originated from a similar one and from current functionality in Tor, the implementation differs slightly, and possibly to a fault. The bug report that ultimately initiated the development of a font whitelist ended with “The scope of this feature is very narrow. Is there a second bug that builds on this one? If not, should I make one.” RI/01
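
The whitelist idea described above, as a simplified model added here for illustration (it is not Firefox or Tor code): a page can only observe fonts that are both installed and on the whitelist, so machines with different font collections collapse into fewer fingerprint buckets. The machine profiles, font lists, whitelist value and function names are constructed assumptions, as is treating an empty whitelist as "no filtering."

```javascript
// Simplified model of a system-font whitelist (added example; not Firefox or Tor code).
// All font names and machine profiles below are constructed sample data.

// Fonts a page could observe on each machine if nothing were filtered.
const MACHINES = {
  officeLaptop: ["Arial", "Times New Roman", "Courier New", "Calibri", "Segoe UI"],
  designerDesktop: ["Arial", "Times New Roman", "Courier New", "Helvetica Neue", "Futura"],
  minimalInstall: ["Arial", "Courier New"],
};

// Hypothetical whitelist value, comma-separated like a preference string.
const WHITELIST_PREF = "Arial, Times New Roman, Courier New";

function parseWhitelist(pref) {
  return new Set(pref.split(",").map((n) => n.trim().toLowerCase()).filter(Boolean));
}

// Fonts exposed to content: installed AND whitelisted.
// In this model an empty whitelist means no filtering is applied.
function exposedFonts(installed, whitelist) {
  if (whitelist.size === 0) return [...installed].sort();
  return installed.filter((f) => whitelist.has(f.toLowerCase())).sort();
}

// Group machines by the font set a page could observe. Each group is one
// fingerprint bucket: fewer, larger buckets mean less identifying information.
function buckets(machines, whitelist) {
  const groups = new Map();
  for (const [name, fonts] of Object.entries(machines)) {
    const key = exposedFonts(fonts, whitelist).join("|");
    groups.set(key, [...(groups.get(key) || []), name]);
  }
  return groups;
}

function report() {
  const off = buckets(MACHINES, new Set());
  const on = buckets(MACHINES, parseWhitelist(WHITELIST_PREF));
  return { bucketsWithout: off.size, bucketsWith: on.size, groupsWith: [...on.values()] };
}

console.log(report());
```

The third profile stays in its own bucket because the whitelist only hides fonts. It cannot supply a whitelisted font that a machine lacks, which is one reason a narrow whitelist reduces but does not eliminate the signal.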
