[linux-elitists] Browser fingerprinting

Eugen Leitl eugen at leitl.org
Mon Oct 14 00:00:33 PDT 2013


----- Forwarded message from Bill Stewart <bill.stewart at pobox.com> -----

Date: Sun, 13 Oct 2013 17:06:22 -0700
From: Bill Stewart <bill.stewart at pobox.com>
To: Eugen Leitl <eugen at leitl.org>
Cc: cypherpunks at al-qaeda.net, info at postbiota.org, zs-p2p at zerostate.is, Don Marti <dmarti at zgp.org>, linux-elitists at zgp.org
Subject: Re: [linux-elitists] Browser fingerprinting
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Message-Id: <20131014000636.44F74DD8F at a-pb-sasl-quonix.pobox.com>


> Date: Sun, 6 Oct 2013 11:11:46 -0700
> From: Don Marti <dmarti at zgp.org>
> 
> Translation: "Fine, you smug cookie-blocking nerds.
> We're going to go all browser fingerprinting on you."
> ...
> Unfortunately, Firefox appears to be highly fingerprintable.

One reason Firefox is highly fingerprintable is that it sends a list
of your available fonts to the web server so the server can format its
pages with cool fonts instead of boring fonts if you're able to read
them.  That often turns out to be surprisingly unique, at least if you
like fonts, and AFAIK it's not just the fonts you've configured into
your browser, it's the fonts configured into your computer.

For instance, my work PC has a font for the $DAYJOB corporate logo,
and has since acquired a couple more fonts so I can display their
newer marketing presentations correctly in Powerpoint, plus it's got
the dozen or two different monospace console fonts I was trying out to
find a good one for programming use, and the usual collection of
Bocklin and Dwarvish and Tibetan that old hippies usually have on our
computers, just in case we might need to count to nine billion or have
an appropriate password entry form.  When I first tested it with the
panopticlick tool, it was unique; there are now a couple other similar
machines (but that's "my machine's IE", "my machine's Firefox", and
"my machine running Win7 with the Long Term Support version of Firefox
that Corporate IT department makes us use", so it's still unique in
reality.)

Sure would be nice if Mozilla had an option for "only announce the
standard vanilla web fonts".


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


More information about the linux-elitists mailing list