Browser-laptop: Fingerprint based on system fonts

Created on 22 Jun 2016  路  8Comments  路  Source: brave/browser-laptop

Describe the issue you encountered: On my environment the system fonts make the browser unique much more than any other leakages do. Is there any way to fix this?

  • Platform (Win7, 8, 10? macOS? Linux distro?): Windows 10 updated from Windows 7. Office 2013 is installed.
  • Brave Version: 0.10.3
  • Screenshot if needed:
  • Any related issues: #2229 #242
featurshields misfingerprinting open-in-brave-core post-v1 privacy question wontfix
Source
picture luixxiul
👍2

Most helpful comment

we could limit the font list for users who have FP set to block all (vs block 3rd party which is the default) but it would make some sites look uglier

picture diracdeltas on 20 Sep 2017
👍2

All 8 comments

scriptsafe
https://github.com/andryou/scriptsafe

Added a new Fingerprinting Protection section with 8 new options (disabled by default):

Canvas Fingerprint Protection - protect against fingerprinting attempts through elements, with the following options:
Disabled
Blank Readout (serve an empty canvas with the original dimensions)
Random Readout (serve an empty canvas with random dimensions)
Completely Block Readout (refuse to serve any data)

Block Audio Fingerprinting - prevent fingerprinting via the AudioContext API

Block WebGL Fingerprinting - prevent fingerprinting via the WebGL API

Block Battery Fingerprinting - prevent fingerprinting via the Battery API

Block Device Enumeration - prevent having hardware devices detected via the WebRTC API

Block Gamepad Enumeration - prevent having hardware devices detected via the Gamepad API

Block Canvas Font Access - prevent system fonts from being enumerated through elements

Reduce Keyboard Fingerprinting (for advanced users) - make keypress timings more random to increase anonymity (note: adds a random delay between keypresses))
I recommend enabling all of the above options (except the last) for increased privacy, and based on your needs disable the options that interfere with your usage.
Added new option: "Prevent Clipboard Interference" (under "Behavior Settings") - prevent pages

Install from the Chrome Web Store: https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf

gameb0y picture gameb0y on 22 Jun 2016

The thing is that the systems fonts are detected via JavaScript and Flash (tested on Google Chrome)

luixxiul picture luixxiul on 22 Jun 2016
👍1

So there is no way to block this? Fingerprinting by browser type and fonts would make every user unique on it's own.

In Firefox one can use Blender to fake using the most popular browser version/operating system and block font detection.

ghost picture ghost on 28 Apr 2017
1

cc: @diracdeltas

bsclifton picture bsclifton on 30 Apr 2017

https://browserleaks.com/fonts#comment-3084234018

Currently, font fingerprinting cannot be blocked even in Tor Browser. However, Tor browser limits the amount of available fonts to a certain list, thus making all Tor user appear as having the same set of fonts.

We also could limit the amount of available fonts. @diracdeltas wdyt?

luixxiul picture luixxiul on 20 Sep 2017
👍1

we could limit the font list for users who have FP set to block all (vs block 3rd party which is the default) but it would make some sites look uglier

diracdeltas picture diracdeltas on 20 Sep 2017
👍2

I personally think that if the change is announced via twitter and documented on changelog and wiki, it should not be a great issue.

luixxiul picture luixxiul on 22 Sep 2017

This issue now lives at brave/brave-browser#816 .

tomlowenthal picture tomlowenthal on 23 Aug 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mykkymk picture mykkymk  路  3Comments
eljuno picture eljuno  路  3Comments
stevespringett picture stevespringett  路  3Comments
bsclifton picture bsclifton  路  3Comments
briannyeko picture briannyeko  路  3Comments