earthlng/testpages

bug tracking - self destructs in 10 seconds

Thorin-Oakenpants opened this issue · 16 comments

[bleep] [censored] [top secret] [redacted] [classified] [witchhunt] [russia]

they're tracking you bro .. amazon drones are in the air

lol. have you seen the SpaceX satellites in the night sky yet? I only saw them once when I went out for a smoke late at night.
I was equally shocked and amazed. kinda spooky :)

https://www.youtube.com/watch?v=l58nWIvyYs0

not seen em, but fuck Elon Musk ruining my view

don't worry, you'll see them when they have all 12000 planned satellites up there!!!

fu....uuuuck ... I'll have to stick pebbles in my shoes to hide my gait, and mask up like trump, and wear tinfoil and reflectacles so they can't FP my biometrics .. maybe stop my heart beating or make it super irregular

is that video time lapsed? Anyway, can't see shit down here, we're too remote, practically on the edge of the flat disc

> is that video time lapsed?

nope, that's pretty much how I saw it too. Only difference was that I only saw them in a limited space "window", like the ones at the front went out of view at a certain point and new ones came into view from the back. They were pretty low on the horizon and I guess the sun only reflected them into view in that limited space window

so I basically reset my system fonts

here's RFP only in FF81 (note I have 9 styles in Arial, 6 in Calibri) .. 68 fonts detected

Arial, Arial Black, Arial Narrow, Calibri, Calibri Light, Calibri Light Italic, Cambria, Cambria Math, Candara, Comic Sans MS, Consolas, Constantia, Corbel, Courier, Courier New, Ebrima, Gabriola, Georgia, Helvetica, Impact, Lucida Console, Lucida Sans Unicode, Malgun Gothic, Marlett, Microsoft Himalaya, Microsoft JhengHei, Microsoft New Tai Lue, Microsoft PhagsPa, Microsoft Sans Serif, Microsoft Tai Le, Microsoft YaHei, Microsoft Yi Baiti, MingLiU_HKSCS-ExtB, MingLiU-ExtB, Mongolian Baiti, MS Gothic, MS PGothic, MS Pゴシック, MS Sans Serif, MS Serif, MS UI Gothic, MS ゴシック, MV Boli, NSimSun, Palatino Linotype, PMingLiU-ExtB, Roman, Segoe Print, Segoe Script, Segoe UI, Segoe UI Light, Segoe UI Semibold, Segoe UI Symbol, SimSun, SimSun-ExtB, Small Fonts, Sylfaen, Symbol, Tahoma, Times, Times New Roman, Trebuchet MS, Twemoji Mozilla, Verdana, Webdings, Wingdings, 宋体, 微软雅黑

what is the diff from yours: Arial Narrow and is there anything else?

Here's Panopticlick (so yeah, it picked up a few more like Consolas etc that you pointed out, now my system fonts are "normal")

Arial, Arial Black, Arial Narrow, Calibri, Cambria, Cambria Math, Comic Sans MS, Consolas, Courier, Courier New, Georgia, Helvetica, Impact, Lucida Console, Lucida Sans Unicode, Microsoft Sans Serif, MS Gothic, MS PGothic, MS Sans Serif, MS Serif, Palatino Linotype, Segoe Print, Segoe Script, Segoe UI, Segoe UI Light, Segoe UI Semibold, Segoe UI Symbol, Tahoma, Times, Times New Roman, Trebuchet MS, Verdana, Wingdings

> 68 fonts detected

I get 65

> what is the diff from yours

I don't have Arial Narrow, Calibri Light, Calibri Light Italic. The other 65 are the same as yours

hah, I just guessed as much in the other thread

It looks pretty solid to me if there's only a few extra styles to create entropy. 220 million FF users with RFP on, one day .. ... maybe ... Of course it would be better if they move away from families and actually use individual styles

> Of course it would be better if they move away from families and actually use individual styles

yeah totally. It looks like if a user or another software installs additional styles of a font in the allowlist then that gets allowed too. That should not be happening. F.e. in your case, Arial Narrow is not in the list and should not be allowed.

I don't know how all that plays out in Linux or Mac, but I think we could open a ticket with some evidence: i.e. issue at user.js and ask Windows users to post results - and then you and I can keep a list of diffs - e.g. me being a control set, or something?

edit: we would post a hash and detail the results .. and ask users only to post both hash and the list if it's a new hash - capisce?

A ticket at bugzilla for jfkthame to follow up on his ToDo on line 7

sounds good 👍
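The hash-and-diff collection proposed above, sketched as an added example (not code from this thread, its participants or the test pages). The function names, the FNV-1a bucket label and the "name starts with an allowlisted family" heuristic are assumptions; the font names are a constructed subset of the lists posted above.

```javascript
// Constructed sample data: a subset of the two font lists posted in this thread.
const CONTROL = ["Arial", "Arial Black", "Calibri", "Cambria", "Segoe UI", "Tahoma"];
const REPORT = ["Tahoma", "Arial", "Arial Narrow", "Arial Black", "Calibri",
  "Calibri Light", "Calibri Light Italic", "Cambria", "Segoe UI"];

// FNV-1a 32-bit: a short bucket label for grouping reports, not a cryptographic hash.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (const byte of new TextEncoder().encode(str)) {
    h ^= byte;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Canonical form: trimmed, de-duplicated, sorted, so detection order
// never changes the hash a user posts.
function canonicalize(fonts) {
  return [...new Set(fonts.map((f) => f.trim()).filter(Boolean))].sort();
}

function hashFontList(fonts) {
  return fnv1a(canonicalize(fonts).join("\n"));
}

// Compare one user's report with the control set (hypothetical helper).
function diffAgainstControl(control, report) {
  const c = new Set(canonicalize(control));
  const r = new Set(canonicalize(report));
  const extra = [...r].filter((f) => !c.has(f));
  const missing = [...c].filter((f) => !r.has(f));
  // Heuristic (assumption): an extra name that begins with a control family
  // name plus a space is probably an additional style of that family.
  const styleOf = {};
  for (const f of extra) {
    const parent = [...c]
      .filter((fam) => f.startsWith(fam + " "))
      .sort((a, b) => b.length - a.length)[0]; // longest family name wins
    if (parent) styleOf[f] = parent;
  }
  return { hash: hashFontList(report), extra, missing, styleOf };
}

console.log(diffAgainstControl(CONTROL, REPORT));
```

Only reports whose hash differs from every hash already collected need the full list attached; `styleOf` separates extra styles of allowlisted families from unrelated fonts.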

hah, so it's easy to detect if you're gecko based (< 1ms), it's easy to detect if you're running RFP (1ms), and now (assuming a whitelist isn't used, and obviously you allow for doc fonts blocked) it's probably easy to infer Win7 vs Win10 based on some fonts: although you could have done that anyway, I guess.

They're not going to bother with win7 - I suspect the number of users will drop and they'll end support maybe in the next ESR (probably the next one after: i.e. in two years)

I can see the list being tightened up in several ways

  • drop some most-likely not needed crap that causes entropy (i.e. move into kLangPacks or create another section, or drop them (comment them out)), like HoloLens MDL2 Assets (there's another MDL2 there but they both have it: seems part of a family)
  • reduce the number (this is not to make win7 and win10 more alike, just to eliminate potential entropy within win10): e.g. I'm sure RFP users can get along without some of those fonts (win7 doesn't have Bahnschrift or all those Sitka / Yu Gothic sets for example and we get along fine)
  • family styles <-- this

Only some decent data will tell the story. Moz are collecting telemetry on this. Wish I could get a data set