[Feature] Font spoofing #1393
Comments
This and several other requests about fingerprinting resistance (especially the buggy canvas random noise which obviously caused a lot of problems) can generally be included into a larger meta-issue, similar to the Tor Uplift project of Firefox. However, it will be quite a big project and I doubt we have enough people here to do such a project. Simply adding a flag to fix the font list may be possible, but then that will be a very specific solution and will only solve a small portion of the whole problem so I am not sure that is actually helpful, considering there are a lot of other ways of fingerprinting.
Yeah, well fonts are just one of the issues. I managed to get all the bits of identifying information down pretty low for all the items except for the fonts. So that's why I opened this specific issue.
Yes I understand that fonts are the issue for you. What I was saying above is more from the project perspective than about the specific issue.
I find it funny that we went from "websites are using the canvas to fingerprint users" to "the patch that prevents them from doing that is buggy".
But isn't it better to do something that can prevent fingerprinting and break as few things as possible better? I don't think "preventing" means stop people from using things altogether.
The fault is still on the websites which use these techniques without telling the user (which is illegal in some countries); the flag does not state on the tin "avoid fingerprinting via canvas, unless the website that wants to fingerprint me will break functionality", but simply makes canvas unusable for fingerprinting. In such sense it works as intended.
Isn't this already the case?
That is true, but in this case as a developer making this decision means you are putting the burden on users. Users are the weaker party compared to both the websites and the developers. Maybe it is possible to argue that you can pressure the users and indirectly pressure the websites to change, but as the weakest parties among all the users will be taking the most damage.
It depends on what you consider most damaging for the user: a broken functionality or being silently fingerprinted. For Bromite project goals, the latter is obviously the most damaging one. In the case of ungoogled-chromium there is a flag, so if the user turns it on it is the user who has decided.
Ok, I think that is a fair point. I still think some efforts should be put into improving the current solution but I understand if you think it is not worth the effort.
This is a bit off-topic, but man, I remember FireGloves was able to do this to Firefox almost a decade ago. It really is quite some effort but it would be nice to have in Chromium
I doubt it. There have never been and there are not currently extensions or browser that defeat fingerprinting 100%; it would be equivalent to say that there are browsers without security problems. FYI, from https://pet-portal.eu/blog/read/533/?set_language=eng
"demonstrational purposes" is the exact opposite of a working extension to defeat (font) fingerprinting
It did work and TOR adopted the same approach - succinct, very dry set of allowed fonts. FG used to allow you to customize your font collection which, as we know now, defeats the purpose of being non-unique, so TOR enforces generic list among all TOR users. But FG really pioneered a lot of things back then. This feature will not hide the fact you use Ungoogled Chromium but it might help blend in all UC users as long as it is enforced to work the same instead of being customizable.
Honestly, I'd much prefer if there was a setting for it. And the reason for that is this: if for some reason there's an update which adds new fonts/removes fonts from the base Windows install, then users should have the ability to change the setting to match that. It shouldn't be something that's super obvious, but it should still be there. Maybe even just a note telling you where a csv file is that you can edit in the experiments description.
Actually, I just realized this was a horrible idea and wouldn't account for any fonts you have installed on your system that aren't default...
I have been using trace https://absolutedouble.co.uk/trace/ on Ungoogled Chromium with all protections turned on and disable JavaScript to maximize protection. I am not familiar with browser tracking but I am wondering what is the missing puzzle here?
This is an old issue, that didn't show much activity recently — closing.
Is your feature request related to a problem? Please describe.
Trackers can use the installed system fonts to track you across websites, if you have a unique set of fonts installed (like if you're using Linux and are missing one or two default Windows fonts. If you're spoofing a Windows user agent, this could be used to deanonymize you.)
Describe the solution you'd like
It'd be pretty cool if you could somehow spoof this, so it's impossible to track you using fonts.
According to coveryourtracks.eff.org, JS trackers can do this by creating a <span> tag, and then loading a bunch of fonts and checking if the width changed.
So, a simple solution would be to randomize font widths every time they're drawn by ±0.0003% (or possibly more), like you do a few other flags.
(Actually, looking at those flags it seems like it may actually be already doing that, which causes it to match all the fonts, which makes you less unique. Here's a solution for that.)
An alternative solution would be the following:
allow the user to specify a list of fonts (or just use a short list of the most common ones), and generate a random variation at start up, which is applied to only those fonts in the list.
As for the rest of the fonts, it would apply no variation to them, to make it look like you don't have them.
This would make it seem like you're a default Windows user with no extra fonts installed.
Describe alternatives you've considered
Alternatively, you could just not do this. I mean yeah, it might be a pain to implement, and I would understand if you think it's too much work.
Additional context


According to both EFF.org and amiunique.org, the set of fonts that I have installed is very unique and could be used to deanonymize me.
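An added example, not part of the issue and not ungoogled-chromium code: a Node.js model of the width-comparison check described above, run against the scheme proposed in the issue and against an enforced shared font list as mentioned in the comments. The font names, widths, allowlist, variation value and all function names are constructed for illustration.

```javascript
// Model of width-based font probing. All names, widths and lists are constructed.
const METRICS = { Arial: 412.0, Verdana: 468.5, Tahoma: 431.2, "Fira Code": 520.0, "Comic Neue": 455.3 };
const FALLBACK_WIDTH = 400.0; // test string rendered in the generic fallback font
const PROBES = Object.keys(METRICS);
const ALLOWLIST = new Set(["Arial", "Verdana", "Tahoma"]); // hypothetical shared list
const VARIATION = 0.000003; // the issue's ±0.0003%, fixed here so the run is repeatable

// Unmodified browser: real metrics when installed, fallback metrics otherwise.
function plainMeasure(installed) {
  return (font) => (installed.has(font) ? METRICS[font] : FALLBACK_WIDTH);
}

// Scheme from the issue: perturb allowlisted fonts only, leave the rest untouched.
function proposedMeasure(installed) {
  const base = plainMeasure(installed);
  return (font) => (ALLOWLIST.has(font) ? base(font) * (1 + VARIATION) : base(font));
}

// Enforced list: as above, but fonts outside the list always render as fallback.
function enforcedMeasure(installed) {
  const proposed = proposedMeasure(installed);
  return (font) => (ALLOWLIST.has(font) ? proposed(font) : FALLBACK_WIDTH);
}

// What a width-comparison script concludes: any width other than fallback = "installed".
function detectedFonts(measure) {
  return PROBES.filter((font) => measure(font) !== FALLBACK_WIDTH).sort();
}

// Two constructed systems: Linux misses two listed fonts and has one extra.
const LINUX = new Set(["Arial", "Fira Code"]);
const WINDOWS = new Set(["Arial", "Verdana", "Tahoma", "Comic Neue"]);

function compare(scheme) {
  return { linux: detectedFonts(scheme(LINUX)), windows: detectedFonts(scheme(WINDOWS)) };
}

for (const scheme of [plainMeasure, proposedMeasure, enforcedMeasure]) {
  console.log(scheme.name, JSON.stringify(compare(scheme)));
}
```

In this model the enforced list equalizes only the detected set; the measured widths of substituted fonts still differ between the two systems.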