The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2024-03-16T18:53:58Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42462
investigate mpris + disk data
2024-03-16T18:53:58Z, Thorin

AFAICT [this](https://searchfox.org/mozilla-central/search?q=mpris&path=&case=false&regexp=false) is a linux (gtk?) thing - and at least with `media.hardwaremediakeys.enabled` creates video thumbnails - I have not tested or verified
cc @pierov

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40348
Snowflake addon not found in firefox store
2024-03-16T17:04:01Z, Sven Gottwald

I followed the link on [Browser Snowflake proxy](https://community.torproject.org/relay/setup/snowflake/browser/) that leads to https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/. The page says:
> **Oops! We can’t find that page**
>
> If you’ve followed a link from another site for an extension or theme, that item is no longer available. This could be because:
> - The developer removed it. Developers commonly do this because they no longer support the extension or theme, or have replaced it.
> - Mozilla removed it. This can happen when issues are found during the review of the extension or theme, or the extension or theme has been abusing the terms and conditions for addons.mozilla.org. The developer has the opportunity to resolve the issues and make the add-on available again.
>
> Try visiting the page later, as the theme or extension may become available again. Alternatively, you may be able to find what you’re looking for in one of the available extensions or themes, or by asking for help on our community forums.

https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135
Fastly blocked domain fronting
2024-03-15T17:12:53Z, Gus

It seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use with this connection.
```
@ValdikSS reported this issue 3 days ago on Net4people BBS: https://github.com/net4people/bbs/issues/309#issuecomment-1968514057
This issue is affecting:
- Moat, Connection Assist, and Snowflake.
For Snowflake, meek-azure broker seems to be working fine:
```
Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
```
Cecylia Bocovich

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/78
GitHub deployment improvements
2024-03-15T17:09:23Z, Silvio Rhatto

* [ ] Set up automatic mirroring to https://github.com/onion-launchpad/onion-launchpad.github.io.
This will probably need a dedicated user or use the `torproject` account.
* [ ] Use the similar naming scheme for GitLab and GitHub deployments in the INI config files?
* [ ] Use variables instead of secrets. Currently this is in beta but may change soon:
> Note: Configuration variables for GitHub Actions are in beta and
> subject to change.
>
> -- https://docs.github.com/en/actions/learn-github-actions/variables
> as of 2023-01-30

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/62
Review project permissions on deployed instances
2024-03-15T17:08:45Z, Silvio Rhatto

Review the [automation script](tpo/onion-services/onion-launchpad#58) to set only the minimum project permissions for landing pages to work.

https://gitlab.torproject.org/tpo/tpa/team/-/issues/29677
evaluate password management options
2024-03-15T16:08:54Z, anarcat

during the [org/meetings/2017Montreal/Notes/BusFactor](https://gitlab.torproject.org/legacy/trac/-/wikis/org/meetings/2017Montreal/Notes/BusFactor) session, one of the things that was discussed was the password management system that is (was?) stored in SVN. Specifically:
* We need a better password management solution than the one we have in corporate SVN right now.
* We should look over if the passwords in this database should be rotated.
* Figure out if the passwords for paypal have been rotated by Jon et al and ensure that it will be put in the password database. We should also look into the "paypal dongle" or 2-step authentication?
I have some experience reviewing password managers, so I might be able to provide some advice here if someone expands on the requirements and problems with the current approach.
Here are the known password managers currently in use:
* TPA has a `tor-passwords` repository which uses [weasel's pwstore](https://github.com/weaselp/pwstore/)
* administration also stores passwords in SVN
* Puppet generates passwords on the fly using a puppet-specific token (this might get replaced by trocla eventually, see #30009)
* Tor browser team's "military-grade post-quantum encrypted point-to-point subspace transmission"
* each worker probably has their own individual password managers, brains, and post-it notes on screens (hopefully no!) which we don't exactly know about
Possible replacements:
* [password-store](https://www.passwordstore.org/) AKA `pass` AKA OpenPGP encrypted files in a git repository, replacement for pwstore
* [trocla](https://github.com/duritong/trocla) - already used in Puppet, see #30009
* [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml) - pluggable encryption for Hiera keys (includes optional GPG support, PKCS#7 by default)
* [arver](https://code.immerda.ch/immerda/apps/arver/) - "tool to manage luks devices and maintain the access of users"
* [rotx](https://rotx.dev/) - very new player, interesting cleanroom implementation
* [bitwarden](https://en.wikipedia.org/wiki/Bitwarden) - open core, client/server model, would be more fit as an organisation-wide service
Next steps:
* [x] replace pwstore with password-store (#41522)
* [x] replace hkdf() by trocla in Puppet (#30009)
* [ ] move root passwords to trocla (#33332)?
* [ ] move LUKS passwords to Arver or keep in pwstore?
* [ ] consider deploying an organisation-wide password manager (testing vaultwarden in #41541)

anarcat, 2024-02-15

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/7449
TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player
2024-03-15T16:04:30Z, Trac

 1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216 for example).
2. Select file to download (pdf for example: http://arxiv.org/pdf/1207.5216v2).
3. See the dialog: `External application is needed to handle` with two buttons: `launch` and `cancel`.
4. Only launch is available to start download. Select it.
5. Second dialog asks to open with `/usr/bin/xpdf (default)` or `Save`.
6. Don't press `Save` immediately. See in a terminal random name of file, sometimes with a part of contents:
{{{
ls -la /tmp
$ file /tmp/oeXvw4D+.pdf.part
/tmp/oeXvw4D+.pdf.part: PDF document, version 1.5
}}}
TBB ignored `tor-browser_en-US/tmp` and used system /tmp
 7. After pressing `Save` the file is removed from /tmp.
This behaviour potentially affects users' local anonymity with unencrypted and non-attached to memory system /tmp dirs; and affects users with portable TorBrowser versions. Partially downloaded files will be saved in /tmp in the cases of TBB crashes or not completely erased. It would be preferable to isolate TorBrowser activity in user local catalogs only.
**Trac**:
**Username**: unknown

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20339
tor-browser mozilla_user0 directory often appear in /tmp
2024-03-15T16:04:30Z, Trac

tor-browser-linux64-6.0.5_en-US
Sometimes this directory appears: /tmp/mozilla_user0
Modification time is updated every now and then.
I think it is used to store temporary data (user data?).
That doesn't happen often.
For example it happens sometimes watching YouTube (maybe some advertisement or script?) and when a download is finished to save to disk in mega, the site.
This happens when I run Tor Browser.
It happens every now and then, frequently.
My privacy settings are at default (low).
If I delete that directory, sometimes it is recreated.
If I close Tor-Browser, the directory stays there.
Which conditions let the directory mozilla_user0 appear in /tmp?
What about Linux x86 (32bit), Windows and macOS versions?
That could be privacy related or worse?
Happy to contribute
**Trac**:
**Username**: anon

https://gitlab.torproject.org/tpo/core/arti/-/issues/1067
Implement client part of prop340: packed and fragmented relay messages
2024-03-14T19:43:15Z, Jim Newsome

[prop340]
Draft implementation plan:
* [x] Finish [ntorv3 (prop332)](https://spec.torproject.org/proposals/332-ntor-v3-with-extra-data.html). #1084
* [ ] Implement negotiation for [prop340] itself. EDIT: spec for negotiation may be in flux, since current version in prop340 doesn't align with prop346; see https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/170. (Q: maybe also behind an "experimental" compile-time feature?)
* [ ] add new consensus and config parameter "UseRelayMessage", as specified in prop340
* [ ] add new subprotocol variant "RelayCell"
* [ ] add new ntorv3 extension types 3 and 4 "Relay Cell Protocol Request" and "Response"
* [ ] when enabled, and creating a circuit with a relay supporting ntorv3 (`Relay=4`) and the new cell format (`RelayCell=1`) (Q: or select only such relays?), request version 1 of in ntorv3 "Relay Cell Protocol Request"
* [ ] when enabled, and relay has advertised support, switch to prop340 cell format. (initially log an "unimplemented" error just to verify we get this far in integration testing and destroy the circuit)
* [ ] Implement the [prop340] new cell format. (e.g. omitting stream ID instead of setting it to 0 etc)
* [x] Refactor `StreamId` to always be nonzero, replacing usage with `Option<StreamId>`. https://gitlab.torproject.org/tpo/core/arti/-/issues/1080
* [ ] Refactor to decouple cells from messages (#763+ and #775+)
* [ ] Implement packing
* [ ] Implement fragmentation
[prop340]: <https://spec.torproject.org/proposals/340-packed-and-fragmented.html>

Jim Newsome

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/32
Missing web-standard headers
2024-03-14T19:37:03Z, Haz Æ 41

Hey,
Currently the WebSocket negotiation is not web-standard because some headers are missing. This can compromise the fact that bridges are WebTunnel bridges and not regular WebSocket servers actually used on the web. For example someone could send a HTTPS request to a bridge and immediately know that it's a "fake" WebSocket server based on the headers. Additionally, clients should also send some web-standards headers, just in case the plain request is seen by some MITM proxy like CloudFlare.
Client should send
- `User-Agent` with a spoofed user-agent like Chrome on Windows 11
- `Origin` with a spoofed origin (probably the same as `Host` but with `https://`)
- `Cache-Control` with value `no-cache`
- `Pragma` with value `no-cache`
- `Accept-Language` with a spoofed value like `en-US,en`
- `Sec-WebSocket-Key` with a base64-encoded random 16-bytes string
e.g. `base64_padded(random(16))` => `a7ECc1UoTpaIpPbs0Mq8eA==`
- `Sec-WebSocket-Version` with value `13` (the latest WebSocket standard)
Server should respond
- `Sec-Websocket-Accept` with the base64-encoded SHA-1 of the concatenation of the value of `Sec-WebSocket-Key` with `258EAFA5-E914-47DA-95CA-C5AB0DC85B11` both taken as utf8/ascii
e.g. `base64_padded(sha1(concat(utf8_to_bytes(get("Sec-WebSocket-Key")), utf8_to_bytes("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))))` => `+ovyba4oZqzDi2gR26ncKXa9SCk=`
- `Date` with the date of the response as `<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT`
I can work on this and make a pull request if needed.

https://gitlab.torproject.org/tpo/tpa/team/-/issues/41355
prometheus node exporter conflicts with dsa-update-apt-status
2024-03-14T19:05:13Z, Jérôme Charaoui, lavamind@torproject.org

In recent days there has been a notable increase in conflicts between the prometheus node exporter script and `dsa-update-apt-status`:
E: Could not get lock /var/lib/apt/lists/lock. It is held by process 1204067 (python3)
E: Unable to lock directory /var/lib/apt/lists/
This seems to be a manifestation of Debian bug [#1028212: prometheus-node-exporter-collectors: APT update deadlock - prevents unattended security upgrades](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028212).

anarcat, 2024-05-07

https://gitlab.torproject.org/tpo/core/arti/-/issues/1334
In tor-ptmgr, make managed pts optional
2024-03-14T16:15:19Z, Nick Mathewson

With !2043, tor-ptmgr will have support for unmanaged pts. But the current design means that anyone who only wants unmanaged pts will still have to carry the code for managed pts.
We might want to adjust `tor-ptmgr` so that managed pluggable transports, and the ipc protocol, are all behind a feature flag.

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/79
Support for deploying under GitLab and GitHub user spaces
2024-03-14T14:52:13Z, Silvio Rhatto

Right now both GitLab and GitHub deployment scripts are group/organization based.
With a few tweaks it might be possible to support deployments also under the user spaces, like https://gitlab.com/some-user/some-user.gitlab.io.

https://gitlab.torproject.org/tpo/web/dev/-/issues/15
Get staging site ready for review by TPO
2024-03-14T14:33:01Z, Gaba, gaba@torproject.org

- [x] repo: force-push new HUGO site into https://gitlab.torproject.org/tpo/web/dev (@anxhelo )
- [ ] staging: use pages for it until build pipeline is ready (@lavamind )
- [ ] triage/clean issues in web/dev (gaba)
- [ ] edit/curate content (gaba)
- [ ] send to tor-internal for review
@anxhelo please feel free to force-push your code into this repo.

anxhelo, 2024-03-15

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42461
Check what HTTPS resolver changes imply
2024-03-14T13:39:33Z, Pier Angelo Vendrame

https://bugzilla.mozilla.org/show_bug.cgi?id=1874464

https://gitlab.torproject.org/tpo/community/l10n/-/issues/40131
Add more screenshots for the Tor Browser translations
2024-03-14T13:34:43Z, emmapeel

The browser strings need more context for a good translation, especially the ones with variables that make translators confused.
At the moment the Tor Browser strings without screenshots can be listed here: https://hosted.weblate.org/search/tor/tor-browser/?q=+language%3Aen+and+NOT+has%3Ascreenshot+and+not+component%3Ator-browser-user-manual&sort_by=-priority%2Cposition&checksum=

emmapeel

https://gitlab.torproject.org/tpo/network-health/metrics/monitoring-and-alerting/-/issues/23
Monitor churn in the network
2024-03-14T09:31:51Z, Georg Koppen

We should move the churn feature available in `sybilhunter` into our monitoring infrastructure, so that we can have a nice dashboard and potential alerts for bad relay and other purposes.

juga

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42455
Display language notification changes fingerprint
2024-03-14T09:11:22Z, trova

### Summary
The notification about set language changes the letterboxing size on first run of TB. This is not much of an issue for installations where TB's profile is persistent (like Tor Browser Bundle on a regular Linux or Windows system), but is both an annoyance and a privacy risk with disposable use-cases, like Whonix Live Mode or Qubes OS Whonix DispVM.
### Steps to reproduce:
1. Start TB with empty/fresh profile
2. Connect to Tor
3. Go to example.com
4. See that there is a white rectangle on the bottom
### What is the current bug behavior?
Notification about language is shown
### What is the expected behavior?
The notification should not be shown or should not change inner window size
### Environment
Qubes OS, Whonix / Fedora 39
TBB (both downloaded from TB website or flatpak)
### Relevant logs and/or screenshots
Here you can see the white rectangle on the bottom which changes the default TB inner window size. Once the notification is closed, it fixes itself to proper default value.
![2024-03-12T14_04_08_070311411+01_00](/uploads/3e219813132c5c37e15b0d338c99d613/2024-03-12T14_04_08_070311411+01_00.png)

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41710
Refactor about:torconnects relation to TorConnectParent
2024-03-14T08:59:54Z, henry

When looking at the code for `aboutTorConnect.js` and `TorConnectParent.jsm` for https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41608 and https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41384 I realised that they have a strange mix of signalling.
1. Each "about:torconnect" tab listens for "torconnect:state-change" from their `TorConnectParent`, which is passed on from `TorConnect`.
2. Each "about:torconnect" tab sends events to `TorConnectParent` that are essentially just passed on to `TorConnect` to change its state.
3. Each "about:torconnect" tab regularly sends out "torconnect:set-ui-state" to their `TorConnectParent`, and then this state is saved for *all* instances of `TorConnectParent`. This state is only *read* by newly created "about:torconnect" tabs via "torconnect:get-init-args".
4. There are 3 actions that are not linked to the `TorConnect` state, which sends out "broadcast-user-action" to their `TorConnectParent`, which then broadcasts this to all instances of `TorConnectParent`, and each "about:torconnect" then receives "torconnect:user-action" to update their state.
I think basically 1 and 2 are there to interact with `TorConnect`, and as a side effect if you have multiple "about:torconnect" tabs they will *mostly* stay in sync. 3 and 4 seem to be added to fill in the gaps to keep each tab absolutely in sync.
Since we want this tight synchronisation between each "about:torconnect" tab, I think it would make more sense to shift *all* the UI state information to the `TorConnectParent` *class*, which is shared by each instance. I.e. drop `aboutTorConnect.uiState` and shift the control out of the child and into the parent. And the relation would be:
1. Each "about:torconnect" tab listens to a state change event, and it tells the tab all the information it needs to "paint" itself. All instances receive this at the same time.
2. Each "about:torconnect" tab sends user interactions (clicking a button, selecting a country, etc) to the `TorConnectParent`.
NOTE: things like user focus should be managed independently by each "about:torconnect" tab.
This area might need some refactoring anyway to address https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41384 so I might do this just before, or in combination.

henry

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20842
Proposal: Improve Tor Browser font whitelist / bundled fonts
2024-03-14T03:15:14Z, Arthur Edelstein

**Background:**
In legacy/trac#13313 we introduced a new font whitelisting mechanism. Tor Browser only allows certain fonts to be used in the browser, in order to prevent bad people from trying to identify you by detecting what fonts are installed on your computer. Font whitelisting is also available in Firefox, off by default. (The whitelisting is controlled by a pref, "font.system.whitelist", which contains a comma-separated list of allowed font names. You can edit this pref by opening a tab and browsing to `about:config`.)
On Windows and Mac, we mostly whitelist certain system fonts that are bundled with the operating system by default. We bundle a few [Google Noto fonts](https://www.google.com/get/noto/) as well for languages that don't have a built-in platform font.
On Linux, we bundle a large number of Google Noto fonts, plus Arimo, Cousine, and Tinos. We don't expose any system fonts, because these aren't consistent across Linux flavors.
My strategy for choosing fonts for the whitelist was to try to cover all possible languages with at least one font, and get the work done as efficiently as possible. I whitelisted Mac and Windows fonts that have been available for a long time and should be on essentially all systems. Bundling fonts from the Noto collection was a quick and dirty method for covering any missing fonts for different languages.
But there are probably more appealing fonts for some languages that we could use, especially on Linux. For example, in legacy/trac#20820 we are considering switching Linux from Noto Japanese to mona.ttf because the latter looks better (according to Yawning) and because mona.ttf can be used in the ancient Japanese art of ascii calligraphy. I also heard from someone who knows that the Tamil font on Windows is not too beautiful.
**Proposed project:**
So it would be a useful project to go through each of the fonts on each platform and see if there are better fonts that could be used instead. Important considerations would include:
* Aesthetics
* Character coverage
* Printability
* Font licensing
* Font file size
This would require asking the opinions of native speakers of various languages.
Ideally, we could come up with a new font whitelist and bundling list for Mac, Windows and Linux, where the fonts are beautiful and users are happy.