Firefox 52: Better Font Fingerprinting Protection

Mozilla plans to integrate better font fingerprinting protection in Firefox 52; the new version of the web browser is scheduled for a March 7, 2017 release. The changes are already live in pre-release versions of the web browser.

Font fingerprinting refers to one of the many fingerprinting options that websites and services have when users connect to them.

The web browser reveals information when it connects, and the site or service may record it. The core idea behind browser fingerprinting is to create a unique profile of a browser by using one, some or many parameters that are publicly retrievable.

Tip: You can run browser fingerprinting tests like Browserprint or Panopticlick to find out what your browser reveals when it connects.

[Screenshot: browser font fingerprinting]

If you check for system fonts using a service like Panopticlick, you will get the list of supported fonts returned. This test requires only JavaScript to function, and is independent of Adobe Flash, which can also return the list of fonts.

The screenshot above confirms that system fonts are currently revealed to sites through JavaScript. This is true for all Firefox channels, even development channels.

The new change that will launch with Firefox 52 is an optional parameter that you can configure to restrict font access.

So, instead of returning all fonts installed on the operating system, Firefox would only return the fonts that you have whitelisted.

Side note: one could say that restricting fonts might make you even more unique, considering that the vast majority of browsers won't return only some or even no fonts at all. Also, being too restrictive may change fonts that the browser uses as well. Finally, some fonts appear to be added regardless of your choice currently. Adding only Helvetica to the whitelist for instance returned Courier, MS Sans Serif, Sans Serif and Times as well. It would obviously be better if Firefox would return only a standard set of fonts if the whitelist is activated.

[Screenshot: Firefox 52 font fingerprinting protection]

You need to do the following to use a system font whitelist in Firefox:

  1. Type about:config in the browser's address bar and hit the Enter-key afterwards.
  2. Confirm that you will be careful if the warning prompt is displayed.
  3. Right-click in the main pane listing all preferences, and select New > String from the context menu.
  4. Name the new parameter font.system.whitelist.
  5. Now add fonts to the whitelist, separated by commas; Helvetica, Courier, Verdana is a valid value, for instance.

The change takes effect immediately. You may notice that fonts change in the browser UI or on websites as a result.
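A self-check for the whitelist configured in the steps above, as an added example that is not part of the original article or of Firefox: it lists which candidate fonts a page can still detect and which of those are not on your whitelist. It assumes the common width-comparison method of font detection (the page does not say how Panopticlick tests); the function names and the candidate list are hypothetical.

```javascript
// Added example: audit what font.system.whitelist really exposes.
// All function names here are hypothetical, not Firefox or Panopticlick APIs.
const GENERIC_FAMILIES = ["monospace", "sans-serif", "serif"];
const SAMPLE_TEXT = "mmmmmmmmmmlli";

// Browser-only measurement: width of SAMPLE_TEXT drawn with the given font list.
function canvasMeasure(fontSpec) {
  const ctx = document.createElement("canvas").getContext("2d");
  ctx.font = "72px " + fontSpec;
  return ctx.measureText(SAMPLE_TEXT).width;
}

// A font is visible to a page if requesting it ahead of a generic fallback
// changes the rendered width for at least one generic family.
function visibleFonts(candidates, measure = canvasMeasure) {
  const baseline = new Map(GENERIC_FAMILIES.map((g) => [g, measure(g)]));
  return candidates.filter((name) =>
    GENERIC_FAMILIES.some((g) => measure(`"${name}", ${g}`) !== baseline.get(g))
  );
}

// Compare the pref string (comma-separated, as in step 5) with what is visible.
function auditWhitelist(prefValue, candidates, measure = canvasMeasure) {
  const allowed = prefValue.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const visible = visibleFonts(candidates, measure);
  const seen = new Set(visible.map((f) => f.toLowerCase()));
  return {
    visible,
    // Detectable although not whitelisted (the article saw Courier, Times, ...).
    unexpected: visible.filter((f) => !allowed.includes(f.toLowerCase())),
    // Whitelisted but not detectable, e.g. not installed on this system.
    missing: allowed.filter((a) => !seen.has(a)),
  };
}

// In a Firefox page console, with the pref set to "Helvetica":
// auditWhitelist("Helvetica", ["Helvetica", "Courier", "Times", "Verdana", "Arial"]);
```

Fonts reported under `unexpected` are the ones that still contribute to the fingerprint despite the whitelist.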

You can follow the feature's progress on Bugzilla. (via Sören Hentzschel)

Publisher: Ghacks Technology News
Responses to Firefox 52: Better Font Fingerprinting Protection

  1. earthling December 28, 2016 at 5:20 pm #

    "It would obviously be better if Firefox would return only a standard set of fonts if the whitelist is activated. Mozilla seems to consider this approach at least."
    The bugzilla is 'RESOLVED FIXED' for landing in FF52, and it doesn't look like Mozilla is planning to ship 'font.system.whitelist' with a standard set of fonts. Any info on where you got the "Mozilla seems to consider this approach at least." part from?

    • Martin Brinkmann December 28, 2016 at 5:28 pm #

      I understood the discussion of the bug this way, comment 2 for instance. I understand what you mean though, so let me edit the article to remove any uncertainty.

  2. earthling December 28, 2016 at 5:43 pm #

    Ok, thanks for clarifying. I saw those comments too but later on they never really talk about considering setting the pref to a pre-defined set of fonts. It looks like this pref is gonna be great for TOR but would only increase the fingerprinting problem on a vanilla FF, except maybe for people who installed additional fonts on their systems.

    Curious to see Pants' thoughts about it. Probably not very useful to include this pref in her user.js, because it would need to be custom-set depending on the OS and OS version.

    • Pants December 29, 2016 at 12:54 am #

      I use browser.display.use_document_fonts, 0. With this Panopticlick returns nothing except it seems to think I have two fonts (Wingdings 2, Wingdings 3) which I don't. JonDonym lists me with 4 fonts/families (monospace, sans serif, serif, times new roman). FYI the three fonts I allow (Options>Content>Fonts>Advanced) are Georgia, Arial and Lucida Console - so no idea where Times New Roman (I think it is a default serif value) comes from. TBB is the same four fonts but adds mingliu and pmingliu (this is on Windows)

      Once 52 comes out I can have a play. I will assume for now that browser.display.use_document_fonts trumps font.system.whitelist, which is only going to be if you don't block fonts, and can thus limit the list. The two prefs are for different purposes, but it may be interesting to see what happens if I limit the whitelist to the same three fonts in Options>Content>Fonts>Advanced (does this then block Panopticlick thinking I have wingdings, does it stop JonDonym listing Times New Roman?).

      PS: I also thought the pref font.system.whitelist was to use families, eg testFontWhitelist(useMono, useSans, useSerif); but in hindsight maybe this was just for the tests.

      ==
      There is also this one, which seems like they will abandon it, which I hope they don't. I would prefer to allow use of all local fonts, but not leak ANYTHING (I block all downloadable fonts - eg @font-face, thus server side checking of font downloads is contained - BUT I do allow glyphs)

      // 1400's [Backlog]: prevent local font enumeration
      // https://bugzilla.mozilla.org/show_bug.cgi?id=732096

    • Pants December 29, 2016 at 1:19 am #

      https://bugzilla.mozilla.org/show_bug.cgi?id=1121643#c57

      Until 52 comes out and I can experiment, basically this pref is only useful to those who do not block fonts. That is, they can limit the list - but, as we all know, the high number of combinations possible in the pref will simply mean that most people end up being unique. Will be included in the user.js (as you know it has been there already for three or four months in the tor uplift section), but 99% sure it will be commented out with caveats

  3. Earl December 28, 2016 at 5:55 pm #

    It's been a long, long time since I specifically added any fonts to a system. By and large, if any fonts do get added, it's from some program being installed that also installed some fonts (Microsoft Word, for instance [not that Word is something I'd install]). So, I've generally refrained from installing programs that would modify the system in any such permanent way--lots of standalone/portable "installs". Of course, that was when I was using Windows, which I don't much do anymore. I mostly just keep my systems as vanilla as possible.

    • Anonymous December 28, 2016 at 7:24 pm #

      Using anything but Windows or Mac OS is probably the uniquest property of a user. The system you are using is reported by the browser. Even if you're running the most popular Linux distro (Ubuntu I guess), you've narrowed down your uniqueness by a tenfold at least, probably even more. Combine that with cookies, caches, timezones, IPs, language of the OS/browser, fonts and other fingerprinting methods, you are an order of magnitude easier to track.

    • Heimen Stoffels December 29, 2016 at 11:37 am #

      I use Linux but I always add the Dyslexie font. I'm not diagnosed as being dyslexic but I do have trouble reading normal fonts and have trouble reading Dyslexie. So for some people it's useful to add an external font.

  4. Gostas December 28, 2016 at 6:54 pm #

    I cannot stand seeing this fugly picture of your Firefox. If you love this style, I don't think you'll have a better taste in your life.

    • Geezus December 28, 2016 at 7:14 pm #

      If that's all you got from this article, I would worry about your life more.

      • Gostas December 29, 2016 at 8:43 am #

        I don't really care about the article and the FONTS, I just clicked for a quick read, saw the abomination - almost killed myself.

    • Martin Brinkmann December 28, 2016 at 7:46 pm #

      Functional > Pretty, any day.

      • lehnerus2000 December 29, 2016 at 1:18 am #

        Agreed.

      • Gostas December 29, 2016 at 8:42 am #

        It's not functional in no way. Stock look is way more functional and pleasant to the eye. This is abomination plain and simple. You are remnants of Windows XP and this image shows. This is why software technology and design cannot advance in rapid speed - because you are using Windows XP(I know you keep a PC with XP in your base) and you'd go out of your way to change the image of a whole program(this picture shows. This abomination is not Firefox). So they have to support these XP users. Imagine if Microsoft ended XP support back in 2010. Or if Google/Mozilla ended XP support. Things would have been better in both design and software.

      • Martin Brinkmann December 29, 2016 at 8:54 am #

        The screenshot was taken on a PC that runs Windows 10.

      • lehnerus2000 December 31, 2016 at 2:34 am #

        @Gostas
        Wrong on all counts.
        W8 was designed using "your theory" and we all know what a runaway smash hit that was for MS.

  5. Geezus December 28, 2016 at 6:55 pm #

    The article was a little misleading to me. I agreed with you and thought that this way of doing things was amateur from Mozilla.

    But from reading the bug, what I get is that there is going to be a sensible default whitelist per OS, as we can see in your own Panopticlick screenshot. Then people can add a couple fonts of their own if need be, through about:config. It is ill advised to add any font though, but anyone doing so is very likely to know the trade-off if there's no UI for it. If at some point a UI is implemented it should be very explicit about why anyone would want to add a new font to the default whitelist, and what is the cost of doing so.

    Ain't my understanding correct ?

  6. earthling December 28, 2016 at 10:31 pm #

    @Geezus
    Your understanding is incorrect. If you look at the changelogs in the links from the last comment in the bugzilla you can see that no such list is in there anywhere.
    In fact, it looks like they won't provide ANY default value for 'font.system.whitelist', ie it's a hidden pref that needs to be manually created. The pref value will need to contain at least one valid and existing font name or it will default back to an empty string, because Gecko needs to have at least one font available or I guess things would start to break en masse!
    In the bugzilla comment 5 you can see "the font families used by Tor Browser 5.5a" back in October 2015.

    • Geezus December 29, 2016 at 12:52 am #

      (According to code comments, if the whitelist pref is an empty string, all fonts are allowed. In effect empty pref means that font fingerprinting protection is disabled.)

  7. Gonzo December 29, 2016 at 2:12 am #

    If you’re running Linux or Mac you can use “fluxfonts: A continual random font generator for increased privacy.” It’s like Random Agent Spoofer but for fonts, though not an Add-on.

    https://github.com/da2x/fluxfonts

  8. Ben December 29, 2016 at 12:07 pm #

    Alternative website:
    https://www.browserleaks.com/

    @Martin, what can I do to stay somewhat logged in here in the comments? It was possible in the past but not working for months now, but it seems it still works for others.

    • Martin Brinkmann December 29, 2016 at 12:14 pm #

      Ben, I have not changed a thing here on the site. Are you sure cookies are not deleted in your browser regularly? Can't really think of another reason why this is happening. Can you try another browser just to see what happens?

      • Ben December 29, 2016 at 12:27 pm #

        test1 with vivaldi

  9. Ben December 29, 2016 at 12:46 pm #

    test2 with vivaldi
    The comment_author_xxxxxxxxxxxxxxxxxxxx and comment_author_email_xxxxxxxxxxxxx for me have a lifespan of only some minutes and now are invalid, so I have to enter a username and email again.
    I now entered the email from my first post (made with FF) here in vivaldi, and it came through. Will test in 20min or so if it works without the email (I normally choose a random one and not my real one).

    • Ben December 29, 2016 at 1:05 pm #

      test3 with vivaldi
      cookies are gone again, I try it with a new random email.
      If it gets to moderated status, I guess your CMS/Comments simply whitelists the email for a certain amount of time.
      The problem is, that the cookies mentioned above that should remember those settings on my side have a very short lifespan. If you change this lifespan to 30yrs or whatever in your comments software the problem will be gone (if it's indeed a whitelist in your software - what lifespan do the "login" credentials have on the server?).

    • Ben December 29, 2016 at 1:07 pm #

      test4 with vivaldi
      Now using the old email again that was (I think whitelisted) with my first FF comment.
      Hm still in moderation mode.

  10. b December 30, 2016 at 12:17 pm #

    how about the function of uBlock Origin that bans thirdparty fonts? not enough to safeguard?

    • MdN December 30, 2016 at 3:30 pm #

      It blocks third party fonts, but this is a different thing: websites know which fonts you already have installed.

  11. Anonymous December 30, 2016 at 5:36 pm #

    Glad Mozilla will make me more unique.

  12. Ted December 31, 2016 at 2:57 pm #

    I can finally prove Firefox is already more secure than Chrome. My ISP has been blocking copyright infringement content. They punished me by jumping me offline and back on 30 seconds later. That happened between 10 and 15 times while watching each video. Then I opened them in Firefox 50.1.0 64-bit w/multiprocess enabled and BrowseC VPN. I have had no problem since.

  13. Barry K January 2, 2017 at 5:27 am #

    "My ISP has been blocking copyright infringement content."

    Wow!

    May I ask, who the ISP is?
