Skip to main content

Firefox 52: Better Font Fingerprinting Protection

Mozilla plans to integrate better font fingerprinting protection in Firefox 52; the new version of the web browser is scheduled for a March 7, 2017 release. The changes are already live in pre-release versions of the web browser.

Font fingerprinting refers to one of the many fingerprinting options that websites and services have when users connect to them.

The web browser reveals information during connect which the site or service may record. The core idea behind browser fingerprinting is to create a unique profile of a browser by using one, some or many parameters that are retrievable publicly.

Tip: You can run browser fingerprinting tests like Browserprint or Panopticlick to find out about what your browser reveals on connect.

Firefox 52: Better Font Fingerprinting Protection

browser font fingerprinting

If you check for system fonts using a service like Panopticlick, you will get the list of supported fonts returned. This test requires only JavaScript to function, and has nothing to do with Adobe Flash's method of returning fonts as well.

The screenshot above confirms that system fonts are revealed to sites using JavaScript currently. This is true for all Firefox channels, even development channels.

The new change that will launch with Firefox 52 is an optional parameter that you can configure to restrict font access.

So, instead of returning all fonts installed on the operating system, Firefox would only return the fonts that you have whitelisted.

Side note: one could say that restricting fonts might make you even more unique, considering that the vast majority of browsers won't return only some or even no fonts at all. Also, being too restrictive may change fonts that the browser uses as well. Finally, some fonts appear to be added regardless of your choice currently. Adding only Helvetica to the whitelist for instance returned Courier, MS Sans Serif, Sans Serif and Times as well. It would obviously be better if Firefox would return only a standard set of fonts if the whitelist is activated.

firefox 52 font fingerprinting protection

You need to do the following to use a system font whitelist in Firefox:

  1. Type about:config in the browser's address bar and hit the Enter-key afterwards.
  2. Confirm that you will be careful if the warning prompt is displayed.
  3. Right-click in the main pane listing all preferences, and select New > String from the context menu.
  4. Name the new parameter font.system.whitelist.
  5. Now add fonts to the whitelist separated by comma: Helvetica, Courier, Verdana is a valid value for instance.

The change takes effect immediately. You may notice that fonts change in the browser UI or on websites as a response

You can follow the feature's progress on Bugzilla

This article was first seen on ComTek's "TekBits" Technology News

HOME