Font fingerprinting?

I wanted to ask if font fingerprinting poses a risk to TBB users? This is the result I got when viewing Font Fingerprinting - BrowserLeaks in medium security mode, some of which has been removed as I don’t know how sensitive it is. Thanks.

Font-based fingerprinting is something that has been considered while developing Tor Browser (see pt. 6 ‘Fonts’ under ‘Specific Fingerprinting Defenses in the Tor Browser’)

Fonts

According to the Panopticlick study, fonts provide the most linkability when they are available as an enumerable list in file system order, via either the Flash or Java plugins. However, it is still possible to use CSS and/or JavaScript to query for the existence of specific fonts. With a large enough pre-built list to query, a large amount of fingerprintable information may still be available, especially given that additional fonts often end up installed by third party software and for multilingual support.

Design Goal: Font-based fingerprinting MUST be rendered ineffective

Implementation Status: We investigated shipping a predefined set of fonts to all of our users allowing only those fonts to be used by websites at the exclusion of system fonts. We are currently following this approach, which has been suggested by researchers previously. This defense is available for all three supported platforms: Windows, macOS, and Linux, although the implementations vary in detail.

For Windows and macOS we use a preference, font.system.whitelist, to restrict fonts being used to those in the whitelist. This functionality is provided by setting privacy.resistFingerprinting to true. The whitelist for Windows and macOS contains both a set of Noto fonts which we bundle and fonts provided by the operating system. For Linux systems we only bundle fonts and deploy a fonts.conf file to restrict the browser to use those fonts exclusively. In addition to that we set the font.name* preferences for macOS and Linux to make sure that a given code point is always displayed with the same font. This is not guaranteed even if we bundle all the fonts Tor Browser uses as it can happen that fonts are loaded in a different order on different systems. Setting the above mentioned preferences works around this issue by specifying the font to use explicitly.

Allowing fonts provided by the operating system for Windows and macOS users is currently a compromise between fingerprintability resistance and usability concerns. We are still investigating the right balance between them and have created a ticket in our bug tracker to summarize the current state of our defense and future work that remains to be done.

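As an added check (not code from this thread or from Tor Browser), here is a small Python script that parses a Firefox-style prefs.js or user.js and reports whether the two preferences named in the design document above are set the way it describes; the sample prefs text is constructed, and the platform labels are an assumption of the script.

```python
import re
from typing import Dict, List, Union

PrefValue = Union[bool, int, str]

# Matches pref lines such as:
#   user_pref("privacy.resistFingerprinting", true);
#   pref("font.system.whitelist", "Noto Sans, Noto Serif");
_PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"[^"]*")\s*\)',
    re.MULTILINE,
)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse pref lines into a dict; a later line for the same name wins."""
    prefs: Dict[str, PrefValue] = {}
    for name, raw in _PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs


def audit_font_defense(prefs: Dict[str, PrefValue], platform: str) -> List[str]:
    """Return findings; an empty list means the pref-based defense looks intact.

    platform is "windows", "macos" or "linux" (labels assumed by this script).
    On Linux the restriction comes from the bundled fonts.conf, not from a pref,
    so only resistFingerprinting is checked there.
    """
    findings: List[str] = []
    if prefs.get("privacy.resistFingerprinting") is not True:
        findings.append("privacy.resistFingerprinting is not true: font whitelist not enforced")
    if platform in ("windows", "macos"):
        names = [n.strip() for n in str(prefs.get("font.system.whitelist", "")).split(",")]
        if not any(names):
            findings.append("font.system.whitelist is empty: all system fonts are exposed")
    return findings


# Constructed sample; not taken from a real Tor Browser profile.
SAMPLE_PREFS = """// constructed prefs.js excerpt
user_pref("privacy.resistFingerprinting", true);
user_pref("font.system.whitelist", "Noto Sans, Noto Serif, Noto Sans Symbols");
user_pref("font.name.serif.x-western", "Noto Serif");
"""

if __name__ == "__main__":
    for line in audit_font_defense(parse_prefs(SAMPLE_PREFS), "windows") or ["OK"]:
        print(line)
```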

How come Android has been left out? It should really offer the same protection as desktop versions.