Firefox 52: Better Font Fingerprinting Protection
Mozilla plans to integrate better font fingerprinting protection in Firefox 52; the new version of the web browser is scheduled for a March 7, 2017 release. The changes are already live in pre-release versions of the web browser.
Font fingerprinting is one of the many fingerprinting techniques that websites and services can use when users connect to them.
The web browser reveals information when it connects, and the site or service may record it. The core idea behind browser fingerprinting is to create a unique profile of a browser from one, some or many publicly retrievable parameters.
Tip: You can run browser fingerprinting tests like Browserprint or Panopticlick to find out what your browser reveals on connect.
Firefox 52: Better Font Fingerprinting Protection
The new change that will launch with Firefox 52 is an optional parameter that you can configure to restrict font access.
So, instead of returning all fonts installed on the operating system, Firefox would only return the fonts that you have whitelisted.
Side note: one could say that restricting fonts might make you even more unique, considering that the vast majority of browsers don't limit the fonts they return to only some or none at all. Also, being too restrictive may change the fonts that the browser itself uses. Finally, some fonts currently appear to be added regardless of your choice. Adding only Helvetica to the whitelist, for instance, returned Courier, MS Sans Serif, Sans Serif and Times as well. It would obviously be better if Firefox returned only a standard set of fonts when the whitelist is activated.
You need to do the following to use a system font whitelist in Firefox:
- Type about:config in the browser's address bar and hit the Enter-key afterwards.
- Confirm that you will be careful if the warning prompt is displayed.
- Right-click in the main pane listing all preferences, and select New > String from the context menu.
- Name the new parameter font.system.whitelist.
- Now add fonts to the whitelist, separated by commas: Helvetica, Courier, Verdana is a valid value, for instance.
The change takes effect immediately. You may notice that fonts change in the browser UI or on websites as a response.
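To check which font families a page can still observe once font.system.whitelist is set, a width-comparison probe can be run against your own browser. The following is an added example, not code from Mozilla or from the original article; the function names, the candidate list and the stand-in width table are constructed for illustration.

```javascript
// Added self-check example; visibleFonts, canvasMeasure and fakeBrowser are hypothetical names.
const GENERICS = ["monospace", "sans-serif", "serif"];
const SAMPLE = "mmmmmmmmmmlli";

// A candidate family is observable if text set in `"<candidate>", <generic>`
// measures differently from the generic alone for at least one generic.
// Three generics are used so a font that matches one fallback's metrics
// (Courier vs. monospace in the sample data) is still noticed.
function visibleFonts(candidates, measure) {
  const baseline = new Map(GENERICS.map((g) => [g, measure(g)]));
  return candidates.filter((name) =>
    GENERICS.some((g) => measure(`"${name}", ${g}`) !== baseline.get(g)));
}

// Browser-side measurer: paste the file into the web console and call
// visibleFonts(CANDIDATES, canvasMeasure()). Requires a DOM.
function canvasMeasure() {
  const ctx = document.createElement("canvas").getContext("2d");
  return (family) => {
    ctx.font = `72px ${family}`;
    return ctx.measureText(SAMPLE).width;
  };
}

// Constructed stand-in for a browser so the logic runs offline: only the
// families in `exposed` resolve, everything else falls through to the generic.
const WIDTHS = { monospace: 600, "sans-serif": 520, serif: 500,
  Helvetica: 515, Courier: 600, Verdana: 580, Georgia: 540 }; // constructed values
function fakeBrowser(exposed) {
  return (family) => {
    const parts = family.split(",").map((s) => s.trim().replace(/"/g, ""));
    return WIDTHS[parts.find((p) => GENERICS.includes(p) || exposed.includes(p))];
  };
}

const CANDIDATES = ["Helvetica", "Courier", "Verdana", "Georgia"];
if (typeof document === "undefined") {
  // No whitelist: every installed family is observable.
  console.log(visibleFonts(CANDIDATES, fakeBrowser(CANDIDATES)));
  // font.system.whitelist = "Helvetica, Courier, Verdana": Georgia disappears.
  console.log(visibleFonts(CANDIDATES, fakeBrowser(["Helvetica", "Courier", "Verdana"])));
}
```

If the browser run reports families that are not on your whitelist, that matches the behaviour noted above, where extra fonts were returned regardless of the configured value.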
You can follow the feature's progress on Bugzilla. (via Sören Hentzschel)
“It would obviously be better if Firefox would return only a standard set of fonts if the whitelist is activated. Mozilla seems to consider this approach at least.”
The bugzilla is ‘RESOLVED FIXED’ for landing in FF52, and it doesn’t look like Mozilla is planning to ship ‘font.system.whitelist’ with a standard set of fonts. Any info on where you got the “Mozilla seems to consider this approach at least.” part from?
I understood the discussion of the bug this way, comment 2 for instance. I understand what you mean though, so let me edit the article to remove any uncertainty.
Ok, thanks for clarifying. I saw those comments too but later on they never really talk about considering setting the pref to a pre-defined set of fonts. It looks like this pref is gonna be great for TOR but would only increase the fingerprinting problem on a vanilla FF, except maybe for people who installed additional fonts on their systems.
Curious to see Pants’ thoughts about it. Probably not very useful to include this pref in her user.js, because it would need to be custom-set depending on the OS and OS version.
I use browser.display.use_document_fonts, 0. With this Panopticlick returns nothing except it seems to think I have two fonts (Wingdings 2, Wingdings 3) which I don’t. JonDonym lists me with 4 fonts/families (monospace, sans serif, serif, times new roman). FYI the three fonts I allow (Options>Content>Fonts>Advanced) are Georgia, Arial and Lucida Console – so no idea where Times New Roman (I think it is a default serif value) comes from. TBB is the same four fonts but adds mingliu and pmingliu (this is on Windows)
Once 52 comes out I can have a play. I will assume for now that browser.display.use_document_fonts trumps font.system.whitelist, which is only going to be if you don’t block fonts, and can thus limit the list. The two prefs are for different purposes, but it may be interesting to see what happens if I limit the whitelist to the same three fonts in Options>Content>Fonts>Advanced (does this then block Panopticlick thinking I have wingdings, does it stop JonDonym listing Times New Roman?).
PS: I also thought the pref font.system.whitelist was to use families, eg testFontWhitelist(useMono, useSans, useSerif); but in hindsight maybe this was just for the tests.
There is also this one, which seems like they will abandon it, which I hope they don’t. I would prefer to allow use of all local fonts, but not leak ANYTHING (I block all downloadable fonts – eg @font-face, thus server side checking of font downloads is contained – BUT I do allow glyphs)
// 1400’s [Backlog]: prevent local font enumeration
Until 52 comes out and I can experiment, basically this pref is only useful to those who do not block fonts. That is, they can limit the list – but, as we all know, the high number of combinations possible in the pref will simply mean that most people end up being unique. Will be included in the user.js (as you know it has been there already for three or four months in the tor uplift section), but 99% sure it will be commented out with caveats
It’s been a long, long time since I specifically added any fonts to a system. By and large, if any fonts do get added, it’s from some program being installed that also installed some fonts (Microsoft Word, for instance [not that Word is something I’d install]). So, I’ve generally refrained from installing programs that would modify the system in any such permanent way–lots of standalone/portable “installs”. Of course, that was when I was using Windows, which I don’t much do anymore. I mostly just keep my systems as vanilla as possible.
Using anything but Windows or Mac OS is probably the uniquest property of a user. The system you are using is reported by the browser. Even if you’re running the most popular Linux distro (Ubuntu I guess), you’ve narrowed down your uniqueness by a tenfold at least, probably even more. Combine that with cookies, caches, timezones, IPs, language of the OS/browser, fonts and other fingerprinting methods, you are an order of magnitude easier to track.
I use Linux but I always add the Dyslexie font. I’m not diagnosed as being dyslexic but I do have trouble reading normal fonts and have trouble reading Dyslexie. So for some people it’s useful to add an external font.
I cannot stand seeing this fugly picture of your Firefox. If you love this style, I don’t think you’ll have a better taste in your life.
If that’s all you got from this article, I would worry about your life more.
I don’t really care about the article and the FONTS, I just clicked for a quick read, saw the abomination – almost killed myself.
Functional > Pretty, any day.
It’s not functional in no way. Stock look is way more functional and pleasant to the eye. This is abomination plain and simple. You are remnants of Windows XP and this image shows. This is why software technology and design cannot advance in rapid speed – because you are using Windows XP(I know you keep a PC with XP in your base) and you’d go out of your way to change the image of a whole program(this picture shows. This abomination is not Firefox). So they have to support these XP users. Imagine if Microsoft ended XP support back in 2010. Or if Google/Mozilla ended XP support. Things would have been better in both design and software.
The screenshot was taken on a PC that runs Windows 10.
Wrong on all counts.
W8 was designed using “your theory” and we all know what a runaway smash hit that was for MS.
Firefox is tool to see the web and should stay out of the way. If you stare at your pretty Firefox window instead of what it is displaying, you are doing it wrong.
The article was a little misleading to me. I agreed with you and thought that this way of doing things was amateur from Mozilla.
But from reading the bug, what I get is that there is going to be a sensible default whitelist per OS, as we can see in your own Panopticlick screenshot. Then people can add a couple fonts of their own if need be, through about:config. It is ill advised to add any font though, but anyone doing so is very likely to know the trade-off if there’s no UI for it. If at some point a UI is implemented it should be very explicit about why anyone would want to add a new font to the default whitelist, and what is the cost of doing so.
Ain’t my understanding correct ?
Your understanding is incorrect. If you look at the changelogs in the links from the last comment in the bugzilla you can see that no such list is in there anywhere.
In fact, it looks like they won’t provide ANY default value for ‘font.system.whitelist’, ie it’s a hidden pref that needs to be manually created. The pref value will need to contain at least one valid and existing font name or it will default back to an empty string, because Gecko needs to have at least one font available or I guess things would start to break en masse!
In the bugzilla comment 5 you can see “the font families used by Tor Browser 5.5a” back in October 2015.
(According to code comments, if the whitelist pref is an empty string, all fonts are allowed. In effect empty pref means that font fingerprinting protection is disabled.)
If you’re running Linux or Mac you can use “fluxfonts: A continual random font generator for increased privacy.” It’s like Random Agent Spoofer but for fonts, though not an Add-on.
@Martin, what can I do to stay somewhat logged in here in the comments? It was possible in the past but not working for months now, but it seems it still works for others.
Ben, I have not changed a thing here on the site. Are you sure cookies are not deleted in your browser regularly? Can’t really think of another reason why this is happening. Can you try another browser just to see what happens?
test1 with vivaldi
test2 with vivaldi
The comment_author_xxxxxxxxxxxxxxxxxxxx and comment_author_email_xxxxxxxxxxxxx for me have a lifespan of only some minutes and now are invalid, so I have to enter a username and email again.
I now entered the email from my first post (made with FF) here in vivaldi, and it came through. Will test in 20min or so if it works without the email (I normally choose a random one and not my real one).
test3 with vivaldi
cookies are gone again, I try it with a new random email.
If it gets to moderated status, I guess your CMS/Comments simply whitelists the email for a certain amount of time.
The problem is, that the cookies mentioned above that should remember those settings on my side have a very short lifespan. If you change this lifespan to 30yrs or whatever in your comments software the problem will be gone (if it’s indeed a whitelist in your software – what lifespan do the “login” credentials have on the server?).
test4 with vivaldi
Now using the old email again that was (I think whitelisted) with my first FF comment.
Hm still in moderation mode.
How about the function of uBlock Origin that bans third-party fonts? Not enough to safeguard?
It blocks third party fonts, but this is a different thing: websites know which fonts you already have installed.
Glad Mozilla will make me more unique.
I can finally prove Firefox is already more secure than Chrome. My ISP has been blocking copyright infringement content. They punished me by jumping me offline and back on 30 seconds later. That happened between 10 and 15 times while watching each video. Then I opened them in Firefox 50.1.0 64-bit w/multiprocess enabled and BrowseC VPN. I have had no problem since.
“My ISP has been blocking copyright infringement content.”
May I ask, who the ISP is?
font.system.whitelist. doesn’t exist anymore on firefox last versions.
Not sure if @nowayI’mrudy had missed it, all those years ago, but it has been in this thread the time – just like the Firefox about:config setting has been, all along 2:
By default, of course, web pages can specify the fonts they want using CSS properties like font-family. This setting enables an extension to instruct Firefox to ignore the fonts specified by the page, and only use system fonts.
Its underlying value is a boolean:
– true: use the fonts specified by the web page. This is the default.
– false: use the system fonts.
And, anyway, as originally posted by gHacks.net, “font.system.whitelist” is a hidden setting which has to be manually added to Firefox about:config or, included in the user.js file… not able to find its exclusion, anywhere, even if it’s now included within the proper RFP implementation?!
@nowayI’mrudy From where were you seeing it?..