Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Fingerprint based on system fonts #2259

Closed
luixxiul opened this issue Jun 22, 2016 · 8 comments
Closed

Fingerprint based on system fonts #2259

luixxiul opened this issue Jun 22, 2016 · 8 comments
Assignees
Labels
feature/shields misc/fingerprinting open-in-brave-core post-v1 We don't expect to be able to resolve this before releasing v1.0 with Brave Core (instead of Muon). privacy question wontfix

Comments

@luixxiul
Copy link
Contributor

luixxiul commented Jun 22, 2016

Describe the issue you encountered: On my environment the system fonts make the browser unique much more than any other leakages do. Is there any way to fix this?

@gameb0y
Copy link

gameb0y commented Jun 22, 2016

scriptsafe
https://github.com/andryou/scriptsafe

Added a new Fingerprinting Protection section with 8 new options (disabled by default):

Canvas Fingerprint Protection - protect against fingerprinting attempts through elements, with the following options:
Disabled
Blank Readout (serve an empty canvas with the original dimensions)
Random Readout (serve an empty canvas with random dimensions)
Completely Block Readout (refuse to serve any data)

Block Audio Fingerprinting - prevent fingerprinting via the AudioContext API

Block WebGL Fingerprinting - prevent fingerprinting via the WebGL API

Block Battery Fingerprinting - prevent fingerprinting via the Battery API

Block Device Enumeration - prevent having hardware devices detected via the WebRTC API

Block Gamepad Enumeration - prevent having hardware devices detected via the Gamepad API

Block Canvas Font Access - prevent system fonts from being enumerated through elements

Reduce Keyboard Fingerprinting (for advanced users) - make keypress timings more random to increase anonymity (note: adds a random delay between keypresses))
I recommend enabling all of the above options (except the last) for increased privacy, and based on your needs disable the options that interfere with your usage.
Added new option: "Prevent Clipboard Interference" (under "Behavior Settings") - prevent pages

Install from the Chrome Web Store: https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf

@luixxiul
Copy link
Contributor Author

The thing is that the systems fonts are detected via JavaScript and Flash (tested on Google Chrome)

@ghost
Copy link

ghost commented Apr 28, 2017

So there is no way to block this? Fingerprinting by browser type and fonts would make every user unique on it's own.

In Firefox one can use Blender to fake using the most popular browser version/operating system and block font detection.

@bsclifton
Copy link
Member

cc: @diracdeltas

@luixxiul
Copy link
Contributor Author

https://browserleaks.com/fonts#comment-3084234018

Currently, font fingerprinting cannot be blocked even in Tor Browser. However, Tor browser limits the amount of available fonts to a certain list, thus making all Tor user appear as having the same set of fonts.

We also could limit the amount of available fonts. @diracdeltas wdyt?

@luixxiul luixxiul added the needs-info Another team member needs information from the PR/issue opener. label Sep 20, 2017
@diracdeltas
Copy link
Member

we could limit the font list for users who have FP set to block all (vs block 3rd party which is the default) but it would make some sites look uglier

@diracdeltas diracdeltas added this to the 0.21.x (Nightly Channel) milestone Sep 20, 2017
@diracdeltas diracdeltas self-assigned this Sep 20, 2017
@diracdeltas diracdeltas modified the milestones: 0.21.x (Nightly Channel), 0.22.x Sep 20, 2017
@luixxiul luixxiul removed the needs-info Another team member needs information from the PR/issue opener. label Sep 22, 2017
@luixxiul
Copy link
Contributor Author

I personally think that if the change is announced via twitter and documented on changelog and wiki, it should not be a great issue.

@bbondy bbondy modified the milestones: 0.22.x (Nightly Channel), Backlog Oct 25, 2017
@tildelowengrimm tildelowengrimm added the post-v1 We don't expect to be able to resolve this before releasing v1.0 with Brave Core (instead of Muon). label Apr 17, 2018
@tildelowengrimm
Copy link

This issue now lives at brave/brave-browser#816 .

@bsclifton bsclifton removed this from the Triage Backlog milestone Aug 23, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
feature/shields misc/fingerprinting open-in-brave-core post-v1 We don't expect to be able to resolve this before releasing v1.0 with Brave Core (instead of Muon). privacy question wontfix
Projects
None yet
Development

No branches or pull requests

6 participants