One known problem is that on Firefox for Linux, every font you install via the package manager becomes a System Font, and thus is immediately “visible” as soon as Use Document Fonts is enabled, irrespective of the setting for CSS font visibility. I’ve even asked about here if it is possible to run multiple fontservers on a single session, as that would help palliate the fingerprinting by running Firefox profiles connected to different font lists.
As a relatively useful alternative, you can have Firefox profiles on different users, each having their own fontset available at .local/share/fonts, but for that to work you also have to remove all those extra fonts you installed via the package manager.
Oh interesting I wasn’t aware of how all of these things work. So even on the strictest CSS font visibility setting system fonts are not hidden (provided Document Fonts is enabled)? Local fonts I assume are hidden?
From comments in the bug report I got the feeling they should have, but aren’t; proably because of intrinsic issues with what it means to be a “system” component.
I have no means to test in Firefox Linux if local fonts are hidden because I don’t know what makes a font “local” either. Any font placed where the fontserver looks for them (be it system paths or .local/share/fonts) seems to count as “system”, which is why I specifically suggest using .local/share/fonts with different users: it’s the only path where you can offer variability. More importantly, CSS font visibility settings seem to mostly be intended for Javascript-based fingerprinting, and they do not work at all against CSS-based fingerprinting.
I am pending to raise an issue ticket to make it so that “Use Document Fonts” becomes a Site Preference instead of a Global Preference; that should go a very long way to enhance privacy in these cases. Once I do, I’ll link it here.
The second big one for me is how shocking I find it that timezone spoofing isn’t standard, now that so many people use VPNs. Why would someone connecting from Sweden have their clock set to GMT? Etc
I remember thinking how strange it is that websites can know all of your installed fonts when I was playing around with https://coveryourtracks.eff.org/ and https://www.amiunique.org/
I’m on linux and I have some extra fonts installed. Just the combination of them alone is so unique to me that you don’t need anything else.
One known problem is that on Firefox for Linux, every font you install via the package manager becomes a System Font, and thus is immediately “visible” as soon as Use Document Fonts is enabled, irrespective of the setting for CSS font visibility. I’ve even asked about here if it is possible to run multiple fontservers on a single session, as that would help palliate the fingerprinting by running Firefox profiles connected to different font lists.
As a relatively useful alternative, you can have Firefox profiles on different users, each having their own fontset available at
.local/share/fonts, but for that to work you also have to remove all those extra fonts you installed via the package manager.Oh interesting I wasn’t aware of how all of these things work. So even on the strictest CSS font visibility setting system fonts are not hidden (provided Document Fonts is enabled)? Local fonts I assume are hidden?
From comments in the bug report I got the feeling they should have, but aren’t; proably because of intrinsic issues with what it means to be a “system” component.
I have no means to test in Firefox Linux if local fonts are hidden because I don’t know what makes a font “local” either. Any font placed where the fontserver looks for them (be it system paths or
.local/share/fonts) seems to count as “system”, which is why I specifically suggest using.local/share/fontswith different users: it’s the only path where you can offer variability. More importantly, CSS font visibility settings seem to mostly be intended for Javascript-based fingerprinting, and they do not work at all against CSS-based fingerprinting.I am pending to raise an issue ticket to make it so that “Use Document Fonts” becomes a Site Preference instead of a Global Preference; that should go a very long way to enhance privacy in these cases. Once I do, I’ll link it here.
The second big one for me is how shocking I find it that timezone spoofing isn’t standard, now that so many people use VPNs. Why would someone connecting from Sweden have their clock set to GMT? Etc