Comments (11)
Does this require that every website download it's own fonts to the client or is there an equivalency matrix like with other technologies?
What are the downsides to doing this?
Also, this assumes Flash is allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed.
from user.js.
@Gitoffthelawn it's not related to Flash (check the screenshot above, Flash is listed as not present), Javascript is used to detect fonts - https://www.browserleaks.com/fonts.
from user.js.
@publicarray: Thanks! I think this is a good idea. Also, the Tor Browser has similar feature not to use the system fonts.
from user.js.
As said this is useless
I really don't think it's useless.
from user.js.
So a step forward is useless, if you don't immediately get into the destination? Even the site you linked (thanks for these links BTW.) states "Fingerprinters have to work harder for worse results—that’s good!", which is on the spot. We'll never have everything perfectly secure and private, but it's all about raising the bar.
And even though different add-ons handle some of these things, it's always better to try to do it from within Firefox itself. Besides, there's really no guarantee that all the users use all the add-ons we recommend, so again, it's a step forward.
But yes, definitely not an absolute fix for this issue, but improvement nevertheless.
from user.js.
@CHEF-KOCH Thanks for all of the research. I agree that it's not a perfect solution but it does prevent javascript enumeration like this test.
uBlock Origin blocks network requests and does not prevent font fingerprinting. It can be used to reduce the number of hostnames you are connecting to. e.g. you can block 3rd party fonts and 1st party
fonts.
from user.js.
i wish there were an option to disable only detection/use of local fonts so that remote fonts could still be used. that way websites with custom fonts could still be seen properly (and also controlled via addons like ublock). this breaks custom fonts on everything including certain addons. and it probably makes you stick out in a way since most peoples fonts are enumerable. but it might be better than leaking the whole list
from user.js.
I have used this setting for such a long time that I've probably forgotten how the web looks like with custom fonts...
http://www.w3schools.com/cssref/css_websafe_fonts.asp or http://www.cssfontstack.com/
Sorry I have forgotten that the fonts are indeed not loaded.
from user.js.
@publicarray @nodiscc @CHEF-KOCH
My apologies. In my post, I wrote, "Also, this assumes Flash is allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed."
I meant to write: "Also, this assumes Flash is NOT allowed, correct? To my knowledge, there is currently no way to prevent font fingerprinting when Flash is allowed."
Brain going faster than my fingers! :-)
from user.js.
Fluxfonts: font fingerprint cloaking.
Obfuscation, explained: https://github.com/da2x/fluxfonts
from user.js.
This post is mainly meant for people trying to find why they have icons replaced by text in some webpages.
For the CSS downsides of this setting, here are some examples (android download page where tickbox has been replaced by text and TinyTinyRSS page where icons has been also replaced by text. Both use "Material Icons" font)
from user.js.
Related Issues (20)
- How to enable history? HOT 4
- Best way to keep user.js up to date, when you also have modifications? HOT 6
- Disable downloading of Favicons in response to Favicon fingerprinting technique HOT 2
- Can't stop Firefox background connections HOT 24
- Strange issue Firefox switching to active window - Firefox stealing focus! HOT 3
- Repeat PREF 4520 4614 HOT 3
- Can't change useragent HOT 2
- Segmentation fault on OpenBSD HOT 1
- user.js+noscript HOT 1
- Certain SSL prefs less secure than current Firefox defaults. HOT 1
- Settings will fall back to systemwide_user.js after firefox restart
- privacy.resistfingerprinting not overwriteable HOT 1
- Investigate use of the `sticky` flag on prefs HOT 5
- webgl.disabled can block some website data HOT 1
- Extensions don't show up HOT 4
- How to restore urlbar behaviour? HOT 1
- When connecting with VPN: Secure Connection Failed
- OpenSCAPin profiili Upstream Firefox STIG
- Exceptions for Enhanced Tracking Protection not working HOT 1
- Recommendation to support uBlock Origin "Back up to file"? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from user.js.