Re: Amnesty International's "Mutant Font"

On a brief review, it seems worrisome, although I like the idea of exploring alternative forms of obfuscation.

Does it give a false sense of security? Possibly. The obfuscation appears to be a simple substitution cipher, and if a bot wanted to translate back to the original text, it could: use the site's form itself to translate an alphabet and get the current substitutions; or download the corresponding font and use OCR; or run a simple cryptanalysis attack (maybe 50 or so characters would be required). The description of the project notes that the goal is just to "hinder", which is true in at least some sense: an attacker would have to write some code to follow one of those steps.

However, the main effect seems to be inhibiting accessibility, which would be relatively effective. No one with limited vision using a screenreader would be able to read your obfuscated text. :(

Finally, embedding the obfuscated text requires that the visitor load a font file and an image from fontemutante.com.br and fontemutante.com (the latter over HTTP), which has its own privacy implications for your readers.

I would be curious to know whether there's an interest in using captchas or some other evidence of interactive human participation to limit access to resources online: for example, people who want to post content without its being indexed (and aren't satisfied with compliance with robots.txt).

—Nick


A sample of the generated HTML and substituted text for "abcdefghijklmnopqrstuvwxyz" (at least with today's code):

<style type="text/css">
@font-face {font-family: 'Fonte_Mutante_4';font-style: normal;src: url('https://fontemutante.com.br/uploads/font_mutante/file/4/Mutante_stars_mix.ttf') format('truetype')}
.fonte_mutante_4 {
font-family: Fonte_Mutante_4;
font-size:16px;
letter-spacing: 1px;}
</style>

<p class="fonte_mutante_4">
 LMNOPQRST!#(),.:/;?0123456
    <br><br>
    <a href="http://fontemutante.com" target="_blank"><img src="http://www.mutantfont.com/assets/img-01-12-72a751afbba717cf2c8e95f923daa5a5.png" class="img-hd"></a>
</p>


> On Apr 2, 2015, at 7:39 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> 
> http://www.mutantfont.com/
> 
> press story: http://www.fastcocreate.com/3044569/amnesty-internationals-mutant-font-promises-to-protect-your-privacy-online
> 
> At first I thought this might be a way to thwart font-based active
> fingerprinting to make your font list dynamic in your UA... but it
> appears to be a way to write content online in an obfuscated way (for
> machines) that is still readable (for humans).
> 
> :/ (not sure if it's an "April Fool's Day" joke... didn't try to use it)

Received on Thursday, 2 April 2015 23:09:08 UTC
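
The following is an added example, not part of the original message or the Mutant Font project. It checks that the alphabet sample quoted in the message is a fixed one-to-one substitution, and shows that such a mapping leaves letter statistics unchanged and is reversible from that one sample. The function names and the test sentence are constructed, and it assumes characters outside the 26-letter sample pass through unchanged.

```python
import string
from collections import Counter

# From the message: the site's output for "abcdefghijklmnopqrstuvwxyz".
PLAIN = string.ascii_lowercase
OBFUSCATED = "LMNOPQRST!#(),.:/;?0123456"


def build_table(plain, obfuscated):
    """Map plain -> obfuscated; reject anything that is not one-to-one."""
    if len(plain) != len(obfuscated):
        raise ValueError("sample lengths differ")
    table = {}
    for p, o in zip(plain, obfuscated):
        if table.setdefault(p, o) != o:
            raise ValueError(f"{p!r} maps to two symbols: not a fixed substitution")
    if len(set(table.values())) != len(table):
        raise ValueError("two letters share a symbol: not invertible")
    return table


def invert(table):
    return {o: p for p, o in table.items()}


def substitute(table, text):
    # Assumption: characters outside the table (spaces here) pass through.
    return "".join(table.get(ch, ch) for ch in text)


def index_of_coincidence(text, symbols):
    """Chance that two symbols drawn from text match; depends only on counts."""
    counts = Counter(ch for ch in text if ch in symbols)
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    table = build_table(PLAIN, OBFUSCATED)
    sample = "meet me at the station at noon"  # constructed sentence
    hidden = substitute(table, sample)
    print(hidden)
    print(index_of_coincidence(sample, set(table)),
          index_of_coincidence(hidden, set(table.values())))
    print(substitute(invert(table), hidden) == sample)
```

The index of coincidence is identical before and after substitution, which is why frequency analysis applies to text obfuscated this way.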