Understanding and Preventing Font Fingerprinting
What is a browser fingerprint?
Browser fingerprints (or digital fingerprints) are the set of information that websites collect about the user's browser and device. A browser fingerprint is used to uniquely identify a visitor. This method is employed for tracking users on the Internet, even if they clear cookies or use incognito mode. Websites resort to several fingerprinting techniques.
Examples of fingerprinting techniques
Canvas Fingerprinting: This technique involves creating a hidden <canvas> element on a web page. The user's browser draws an image on this element, and the website reads pixel data. Variations in rendering (due to hardware and software differences) create a unique fingerprint.
WebGL Fingerprinting: This method leverages WebGL capabilities for graphics creation and rendering. Similar to canvas fingerprinting, the rendering differences can be used to create a unique fingerprint.
Audio Fingerprinting: The browser generates sound (usually inaudible) and analyzes its rendering. Microvariations in audio systems and their processing enable device identification.
Browser Plugin Fingerprinting: In this case, the website reads the list of installed browser plugins and extensions. Unique combinations of plugins allow creating a browser fingerprint.
HTTP Headers Fingerprinting: The website analyzes the HTTP request headers sent by the browser, such as User-Agent, Accept-Language, and Referer. These headers may contain information that allows distinguishing one user from another.
CSS Fingerprinting: This technique uses CSS (Cascading Style Sheets) to measure and analyze the sizes of elements and fonts. Differences in style rendering can create a unique fingerprint.
WebRTC Fingerprinting: This technique uses WebRTC to obtain the local IP addresses of the device. It can reveal additional information about the user's network.
Font Fingerprinting: This technique examines the presence and rendering of specific fonts. Differences in installed fonts and their rendering can be used to create a unique browser fingerprint.
What are the techniques for tracking font fingerprints?
Websites use a method called font fingerprinting to identify the set of fonts installed on your device. When you visit a website, scripts invisibly run in the background to automatically gather data about the fonts displayed by your browser.
Below are techniques for tracking font fingerprints.
CSS Font Loading Technique
This technique uses cascading style sheets (CSS) to load and check for the presence of fonts.
How it works:
A hidden element is created on the web page with text, to which a specific font is applied. If the font is installed on the user's device, the text will be rendered with that font; if not, a fallback font will be used. The web page measures the size and style of the text to determine if the font is installed.
JavaScript Font Detection Technique
This method uses JavaScript to create hidden elements with text and apply different fonts.
Principle of operation:
An element with a base font (e.g., monospace) is created. Then the text size with the base font is measured. Afterwards, the test font is applied, and the text size is measured again. If the sizes are different, it means that the font is available on the device.
Flash-Based Font Detection Technique
Adobe Flash is used in this technique to determine installed fonts.
Work process:
A Flash object can access system resources and check installed fonts. The list of available fonts is then transmitted back to the server.
It is worth noting that this technique has its advantages and disadvantages.
Advantages: Accurate font identification.
Disadvantages: Flash is outdated and no longer supported by most browsers, making this technique practically obsolete.
HTML5 Canvas Font Detection Technique
In this method, the <canvas> element is used for rendering text with different fonts and measuring their sizes.
Operating principle:
A <canvas> element and a context for drawing text are created. The text is drawn with a base font (e.g., monospace) and its size is measured. Then the text is drawn with the test font and measured again. If the sizes differ, it means the font is available on the device.
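Seen from the defender's side, the canvas technique above leaves a recognisable trace: one drawing context measuring text under many different font families. The following added example (not code from the original article or from Undetectable) wraps a 2D context and counts the families that get measured; `monitorContext`, `fontFamilies`, the threshold of 20 and the fake context are assumptions made for illustration.

```javascript
// Added example: defender-side monitor for canvas font probing (all names are hypothetical).
const GENERIC = new Set(["serif", "sans-serif", "monospace", "cursive", "fantasy", "system-ui"]);
// Pull family names out of a CSS font shorthand such as "72px 'Foo Bar', monospace".
function fontFamilies(shorthand) {
  // The family list is whatever follows the size token (12px, 1.2em, 12px/30px ...).
  const m = /(?:^|\s)\d*\.?\d+(?:px|pt|em|rem|%)(?:\/\S+)?\s+(.+)$/i.exec(shorthand);
  if (!m) return [];
  return m[1].split(",")
    .map(f => f.trim().replace(/^["']|["']$/g, "").toLowerCase())
    .filter(Boolean);
}

// Wrap a 2D-context-like object; record each non-generic family measured (threshold is assumed).
function monitorContext(ctx, threshold = 20) {
  const probed = new Set();
  const proxy = new Proxy(ctx, {
    get(target, prop) {
      if (prop === "measureText") {
        return text => {
          fontFamilies(String(target.font)).filter(f => !GENERIC.has(f)).forEach(f => probed.add(f));
          return target.measureText(text);
        };
      }
      const v = target[prop];
      return typeof v === "function" ? v.bind(target) : v;
    },
    set(target, prop, value) { target[prop] = value; return true; },
  });
  const report = () => ({ distinctFamilies: probed.size, suspicious: probed.size >= threshold });
  return { ctx: proxy, report };
}

// Constructed stand-in for CanvasRenderingContext2D so the example runs under Node.
const fakeContext = () => ({ font: "10px sans-serif", measureText: t => ({ width: t.length * 6 }) });

function demo() {
  const benign = monitorContext(fakeContext()); // ordinary page: two fonts for two labels
  for (const f of ["16px Arial, sans-serif", "bold 14px Georgia, serif"]) {
    benign.ctx.font = f;
    benign.ctx.measureText("Hello");
  }
  const probing = monitorContext(fakeContext()); // constructed probe-like call pattern
  for (let i = 0; i < 30; i++) {
    probing.ctx.font = `72px 'Candidate Font ${i}', monospace`;
    probing.ctx.measureText("mmmmmmmmmmlli");
  }
  return { benign: benign.report(), probing: probing.report() };
}
```

In a browser, pass the object returned by `canvas.getContext("2d")` in place of the fake context and read `report()` after the page has loaded.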
Classification of Detected Fonts
In most cases, each user already has a specific set of fonts installed on their computer or mobile device. To check how many there are, you can visit browserleaks, a service for checking your browser fingerprint.
Next, we will tell you which fonts can be pre-installed on your devices.
System Fonts
System fonts are fonts that are pre-installed in the operating system and are used to display text in the user interface and applications. They are part of the standard set of fonts provided with the operating system and are intended to ensure compatibility and consistent text display across various devices. Some popular system fonts include Arial, Helvetica, and DejaVu Sans.
Application Fonts
Application fonts are fonts that are installed and used by specific applications, rather than the operating system as a whole. They are intended to enhance the appearance and functionality of text elements within specific applications.
Application fonts can impact font fingerprinting by adding uniqueness and variability to the set of fonts on a device. Using non-standard or unique fonts that are not installed in the default operating system makes the fingerprint less common and more detailed. These particular fonts can be detected when checking for font availability, indicating the installation of specific applications. Websites can gather information about both system and application fonts, enabling the creation of more precise and unique browser digital fingerprints for tracking users.
Personal Fonts
Personal Fonts are fonts created, customized, or used by individual users or organizations to meet their specific needs. Unlike system and application fonts, personal fonts are not pre-installed in the operating system or applications by default, but are added by users themselves.
Personal fonts affect the digital fingerprint of a browser by adding unique characteristics that are rarely found on other devices, making the browser fingerprint more accurate and unique. Their presence can be used for precise identification and tracking of the user across various websites and applications.
How to bypass Font Fingerprint
To bypass font fingerprinting and protect your privacy, you can use the following methods:
Using anti-detection browsers:
Anti-detection browsers, such as Undetectable, are specially designed for replacing the browser's digital fingerprint. They completely alter font information to complicate identification.
Disabling JavaScript:
Since many font fingerprinting techniques use JavaScript to check for the presence of fonts, disabling JavaScript can prevent these checks. However, this may disrupt the functioning of some websites.
Using Browser Extensions:
Extensions such as Privacy Badger or NoScript may block scripts attempting to detect installed fonts, thus protecting against fingerprinting.
Changing browser settings:
Some browsers allow you to manage access to fonts. For example, in Firefox, you can restrict sites' access to system fonts through privacy settings.
Using Virtual Machines or Containers:
Launching web sessions in a virtual machine or container with a minimal set of fonts helps isolate the main set of system fonts from websites, thereby making it difficult to create an accurate browser fingerprint.
How can font substitution occur in an anti-detection browser like Undetectable?
In Undetectable, you can control your browser's digital fingerprint and all its components. When creating a new profile, in the advanced settings section, you can choose how each parameter of the fingerprint will be generated, including the font.
Emulate - this option is usually set by default. When it is selected, the font is taken from your anti-detection browser configuration.
System - when this option is selected, the font is taken from your system.
Random - recently, an option to randomize the parameters of the digital fingerprint has been added to the program. When it is enabled, the font fingerprint parameters are generated randomly each time a profile is created, rather than being taken from the configuration.
What are browser configurations, and how are they better than regular fingerprints in other anti-detection browsers?
A configuration is a carefully curated set of data based on real browsers and devices. When you choose a specific configuration when creating a browser profile, all unique fingerprints of your system are replaced with the fingerprints from that configuration. This means that your profile will look just like a real user, providing maximum anonymity and security. Because such configurations come from real devices, using them allows you to avoid blocks and detections.
Why are configurations like those in Undetectable better than simple fingerprints in other anti-detection browsers?
Fingerprint generation in other anti-detection browsers occurs randomly, often without considering the user's operating system, which can lead to the appearance of non-existent browser fingerprint combinations. For example, when working on Windows, your fingerprint may contain parameters from other operating systems.
Our approach is unique in that the basis of each created profile's fingerprint is a real configuration. This excludes unlikely combinations of fingerprint parameters, thus increasing the likelihood of bypassing anti-fraud systems. Each configuration is used by only one person, minimizing the risk of duplication and increasing the level of anonymity. As a result, your profiles look as natural as possible and match real devices.
At Undetectable, you are provided with free configurations, the number of which depends on the chosen tariff. There is also a config store where, if desired, you can purchase additional configurations.
Conclusion
Font fingerprinting is a powerful method of user identification on the Internet, based on the analysis of installed fonts and their rendering features. This technique allows websites to collect unique data about the user's system, making it one of the key tools for tracking even when using private browsing modes or clearing cookies.
The importance of understanding font fingerprinting methods like CSS Font Loading, JavaScript Font Detection, Flash-Based, and HTML5 Canvas Font Detection is undeniable. These techniques allow identifying a unique set of fonts on a user's device, creating an accurate and unique fingerprint.
To protect against font fingerprinting and maintain anonymity, it is important to use specialized tools such as anti-detection browsers. These solutions allow for the spoofing of system fingerprints using real browser and device data, making the identification process significantly more complex. In particular, the anti-detection browser Undetectable offers the ability to finely adjust fingerprint parameters, including fonts, enhancing the level of your protection.