On 2014-02-20 8:19 PM, John Daggett wrote:
Hmm. My point is that preventing fingerprinting is not something that I think we can do by simply tweaking features here and there like this. I think we actually need to disable a large set of features available from script to be able to prevent sniffing of the system environment. That means giving the user the option to enable a mode with the understanding that many web features won't work. That's a big choice that a user needs to make. Neutering the availability of platform fonts has significant downsides and I don't think a browser that does this by default will be competitive in the market. An opt-in feature that disables lots of web platform features to reduce the ability to fingerprint a user, including mucking with the font list, would make sense but I don't think that's a first-pass feature requirement for Servo.
I suspect the Tor Browser Bundle people would be interested in such a feature in Gecko, possibly even in helping develop it. I know they've expressed concern about fingerprintability via things like system fonts. (and yes, people do want to use TBB with scripting enabled)
zw _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
