Fonts Fingerprinting #71

Closed
Kraxys opened this issue Oct 9, 2018 · 5 comments
Labels
enhancement New feature or request

Kraxys commented Oct 9, 2018

There are currently 2 workarounds to deal with the fonts fingerprinting problem:

1) Set the FF preference browser.display.use_document_fonts to 0. In this case, the browser shows only 10/11 fonts, and some pages aren't well displayed.
2) Adjust the preference font.system.whitelist to a list of fonts many people have chosen to use, in this case, the fonts list used by TBB. For now, this list contains 60 fonts.

The problem with the 1st solution is that the browser will always show the same list of 10/11 fonts from one browsing session to another. And as using only 10 fonts is very uncommon, this specific set of 10 fonts may become a fingerprint, permitting the user to be traced.

The 2nd solution is better in terms of readability, and because the group of users using these 60 fonts is large. But the vast majority of these people are Tor network users. So if someone is using these 60 fonts without browsing through the Tor network, his behavior is very unusual, and this list of 60 fonts may become a fingerprint for him, again.

So, why not make the browser show (e.g. for each browsing session) a slightly different set of fonts? In doing that, the "fonts correlations" affecting the users in the 2 previous workarounds will not happen, and the user will remain non-traceable (at least non-traceable through fonts).

In the Pre-Quantum era, an addon did that (https://addons.mozilla.org/en-US/firefox/addon/stop-fingerprinting). But it was a XUL... Could this interesting feature be ported to Chameleon??
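
The linkability argument in the opening post, as an added example that is not part of the thread or of Chameleon's code: it counts how many distinct font fingerprints a site would see across sessions under a fixed whitelist versus a per-session random subset. The font names, seeds, hash choice and helper names are all constructed for illustration.

```javascript
// Added illustration, not Chameleon code. Font list and seeds are constructed samples.
const WHITELIST = ["Arial", "Courier New", "Georgia", "Helvetica", "Times New Roman",
  "Verdana", "Tahoma", "Trebuchet MS", "Palatino", "Garamond", "Impact", "Comic Sans MS"];

// FNV-1a 32-bit: stands in for whatever digest a tracker computes over detected fonts.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// What a page observes: the set of fonts that appear installed, order-independent.
function fontFingerprint(visibleFonts) {
  return fnv1a([...visibleFonts].sort().join("|"));
}

// mulberry32 PRNG: the subset depends only on the session seed, so it stays
// stable within a session (re-measuring the same page gives the same answer).
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Per-session policy: hide `hideCount` whitelist fonts chosen by the session seed.
function sessionFonts(whitelist, sessionSeed, hideCount) {
  const rand = mulberry32(sessionSeed);
  const pool = [...whitelist];
  for (let i = pool.length - 1; i > 0; i--) { // Fisher-Yates shuffle
    const j = Math.floor(rand() * (i + 1));
    [pool[i], pool[j]] = [pool[j], pool[i]];
  }
  return pool.slice(hideCount);
}

// Distinct fingerprints seen across sessions; 1 means every session is linkable.
function distinctFingerprints(policy, seeds) {
  return new Set(seeds.map((s) => fontFingerprint(policy(s)))).size;
}

const seeds = [1, 2, 3, 4, 5, 6, 7, 8];
console.log("fixed whitelist:", distinctFingerprints(() => WHITELIST, seeds));
console.log("per-session subset:", distinctFingerprints((s) => sessionFonts(WHITELIST, s, 3), seeds));
```
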

@sereneblue
Owner

It looks like that addon is doing something similar to the client rects spoofing but for HTML elements. I'll look into spoofing font detection.

@WPFilmmaker

@sereneblue Don't know if this can be useful for reference: dillbyrne/random-agent-spoofer#119

@sereneblue
Owner

Thanks for that link. I'll take a look at FireGloves.

sereneblue added the enhancement (New feature or request) label on Oct 24, 2018
sereneblue added this to the Chameleon v0.13.0 milestone on Sep 4, 2019
@WPFilmmaker

@sereneblue Any news? Any chance we can get this in chameleon v0.20.0?

@sereneblue
Owner

@WPFilmmaker It's in the roadmap for v0.20.0. I've mentioned it a few times here.

sereneblue removed this from the Chameleon v0.13.0 milestone on Apr 25, 2020