Font fingerprinting about user.js HOT 11 CLOSED

Does this require that every website download it's own fonts to the client or is there an equivalency matrix like with other technologies?

What are the downsides to doing this?

Also, this assumes Flash is allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed.

from user.js.

@Gitoffthelawn it's not related to Flash (check the screenshot above, Flash is listed as not present), Javascript is used to detect fonts - https://www.browserleaks.com/fonts.

from user.js.

@publicarray: Thanks! I think this is a good idea. Also, the Tor Browser has similar feature not to use the system fonts.

from user.js.

As said this is useless

I really don't think it's useless.

from user.js.

So a step forward is useless, if you don't immediately get into the destination? Even the site you linked (thanks for these links BTW.) states "Fingerprinters have to work harder for worse results—that’s good!", which is on the spot. We'll never have everything perfectly secure and private, but it's all about raising the bar.

And even though different add-ons handle some of these things, it's always better to try to do it from within Firefox itself. Besides, there's really no guarantee that all the users use all the add-ons we recommend, so again, it's a step forward.

But yes, definitely not an absolute fix for this issue, but improvement nevertheless.

from user.js.

@CHEF-KOCH Thanks for all of the research. I agree that it's not a perfect solution but it does prevent javascript enumeration like this test.

uBlock Origin blocks network requests and does not prevent font fingerprinting. It can be used to reduce the number of hostnames you are connecting to. e.g. you can block 3rd party fonts and 1st party
fonts.

from user.js.

i wish there were an option to disable only detection/use of local fonts so that remote fonts could still be used. that way websites with custom fonts could still be seen properly (and also controlled via addons like ublock). this breaks custom fonts on everything including certain addons. and it probably makes you stick out in a way since most peoples fonts are enumerable. but it might be better than leaking the whole list

from user.js.

I have used this setting for such a long time that I've probably forgotten how the web looks like with custom fonts...

http://www.w3schools.com/cssref/css_websafe_fonts.asp or http://www.cssfontstack.com/

Sorry I have forgotten that the fonts are indeed not loaded.

from user.js.

@publicarray @nodiscc @CHEF-KOCH

My apologies. In my post, I wrote, "Also, this assumes Flash is allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed."

I meant to write: "Also, this assumes Flash is NOT allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed."

Brain going faster than my fingers! :-)

from user.js.

Fluxfonts: font fingerprint cloaking.
Obfuscation, explained: https://github.com/da2x/fluxfonts

#189; arkenfox/user.js#34

from user.js.

This post is mainly meant for people trying to find why they have icons replaced by text in some webpages.

For the CSS downsides of this setting, here are some examples (android download page where tickbox has been replaced by text and TinyTinyRSS page where icons has been also replaced by text. Both use "Material Icons" font)

from user.js.