What is Font Fingerprinting? A Detailed Guide!
Websites often gather information about your device to improve user experience. While this is true, it is not the full truth. In reality, websites use this information to uniquely identify and track your browsing habits. Additionally, there's a risk that your device's fingerprint may be sold to cybercriminals.
One piece of information that contributes heavily to your browser fingerprint is your device's fonts. Using font fingerprinting, websites determine how to display content to you in the best way. But that’s not the only use of font fingerprinting.
This blog explains everything from what font fingerprinting is to the types and techniques used for it. You will also learn how to beat font fingerprinting. So stick around and read on.
What is Font Fingerprinting?
Font fingerprinting is a sneaky technique used by websites and online trackers to identify and track users based on the unique set of fonts installed on their devices. When you visit a website, it scans your device to see which fonts you have installed, without telling you, of course.
By comparing this information with a database of known fonts and their variations, the website can create a unique font fingerprint of you. These profiles are then used for targeted advertising, user tracking, and even more intrusive practices such as content censoring or price discrimination.
Font fingerprints can be quite accurate because most people have a unique combination of fonts installed on their devices. Even if you disable cookies or use private browsing mode, font fingerprinting can still identify you across different sessions.
Font fingerprinting has a far greater distinguishing power than other components of a browser fingerprint. The set of installed fonts on your device provides one of the highest entropy values (entropy being a measure of fingerprintability) towards making your fingerprint unique.
Don’t take our word for it, verify it yourself. Simply visit AmIUnique.org and see a detailed view of your browser fingerprint. Each fingerprint attribute has its “similarity ratio” mentioned against it that shows what proportion of users have identical attribute values as yours.
The “List of fonts” attribute typically has an extremely small similarity ratio compared to other attributes as shown below.
Due to this distinguishing power, websites keep tabs on you using your system fonts list by executing hidden scripts under your nose.
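The two measures mentioned above, entropy and the similarity ratio, worked through on a small sample. This is an added example, not code from the original article or from AmIUnique; the sample records and the choice to sort each font list before comparing are assumptions.

```javascript
// Constructed sample of eight visitors (illustrative values only).
const SAMPLE = [
  { platform: "Win32", fonts: ["Arial", "Calibri", "Segoe UI"] },
  { platform: "Win32", fonts: ["Segoe UI", "Arial", "Calibri"] }, // same set, other order
  { platform: "Win32", fonts: ["Arial", "Calibri", "Cambria", "Segoe UI"] },
  { platform: "Win32", fonts: ["Arial", "Calibri", "Myriad Pro", "Segoe UI"] },
  { platform: "Win32", fonts: ["Arial", "OpenDyslexic", "Segoe UI"] },
  { platform: "Win32", fonts: ["Arial", "Calibri", "Noto Sans Hebrew", "Segoe UI"] },
  { platform: "MacIntel", fonts: ["Arial", "Helvetica", "Menlo"] },
  { platform: "MacIntel", fonts: ["Arial", "Helvetica", "Menlo", "Myriad Pro"] },
];

// Canonical form of an attribute value; font lists are sorted (an assumption of
// this example) so that two identical sets compare equal regardless of order.
function valueKey(value) {
  return Array.isArray(value) ? [...value].sort().join("|") : String(value);
}

// Count how many records share each distinct value of `attr`.
function distribution(records, attr) {
  const counts = new Map();
  for (const r of records) {
    const key = valueKey(r[attr]);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Shannon entropy in bits: H = -sum(p * log2(p)) over the distinct values.
function entropyBits(records, attr) {
  let h = 0;
  for (const n of distribution(records, attr).values()) {
    const p = n / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Share of records whose value for `attr` is identical to the visitor's.
function similarityRatio(records, attr, visitor) {
  const n = distribution(records, attr).get(valueKey(visitor[attr])) || 0;
  return n / records.length;
}
```

In this constructed sample the font list carries 2.75 bits of entropy against roughly 0.81 bits for the platform, and a visitor with one uncommon font has a similarity ratio of 0.125 on fonts but 0.75 on platform.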
Font Fingerprinting Techniques
Websites conduct font fingerprinting by checking the fonts installed on your device. When you visit a website, scripts run automatically in the background to collect information about the fonts your browser can display.
Let’s explore further exactly what techniques websites use for font fingerprinting.
Font Enumeration
Font enumeration is the most straightforward approach to font fingerprinting.
It works by using JavaScript to inspect the fonts available on a user's system. When a user visits a website, the website's code executes within the browser environment. This code includes instructions to enumerate fonts by utilizing the FontFaceSet interface or similar methods. Here are the steps involved in this technique:
- First, the website triggers the enumeration process by calling JavaScript functions designed to ask the browser for installed fonts. The browser responds by providing a list of fonts available for rendering text.
- Next, the website collects this information, often alongside other fingerprinting techniques, such as canvas fingerprinting or TLS fingerprinting. The collected font data is then transmitted back to the website's server, including the following information:
  - Font Family, for example, “Helvetica”
  - Font Name, for example, "Helvetica Oblique"
  - PostScript Name, for example, "HelveticaOblique"
  - Style, for example, "Regular"
  - Sizes
- Finally, the website analyzes this font data to create a unique fingerprint for the user's browser. This fingerprint can include details such as the specific combination of fonts installed, their order, and even subtle variations in rendering behavior.
Font Detection
This is a more advanced and rather complex method of font fingerprinting. Instead of directly requesting the browser to enumerate the system fonts, this technique carries out tests to see if a specific font is installed on a user's system.
Here's how the process works:
- The website initiates the font detection by instructing the browser to render a paragraph of text using the font in question.
- After the text is rendered with the specified font, the website measures the size of the rendered text element. This measurement computes the width and height of the rendered text.
- The website compares the size of the rendered text with a reference size. If the rendered text size matches the reference size, it indicates that the specified font is likely installed on the user's system.
- Font detection may involve iterative testing with different fonts or variations of fonts. The website may try multiple fonts and measure the rendered text size for each font to determine which fonts are installed on the user's system.
Canvas-Font Fingerprinting
This method goes a step further and uses a more sophisticated technique. It is very widespread and generates a highly distinctive fingerprint. For instance, take a look at this long list of websites (over 3,000) that have been found tracking users through canvas fingerprinting.
Here’s how canvas fingerprinting works:
- The website instructs the browser to draw text onto a hidden canvas element using a specific font.
- After rendering the text, the website extracts the pixel data from the canvas, representing how the text looks when displayed.
- The pixel data is then hashed into a unique identifier using algorithms like SHA-256. This hash serves as the fingerprint for the font rendering.
- The website compares this fingerprint against a database of known font renderings. If a match is found, it indicates the presence of the specific font on the user's system.
- The website uses the hash code from this method to track and identify users across different browsing sessions and websites.
The text used for font rendering in this technique usually contains all the letters of the alphabet (also known as a pangram) such as “Cwm fjordbank glyphs vext quiz”. However, the specific string of text may vary based on website scripts.
To witness it yourself, visit this site and notice the GIF representing how the canvas image varies between 35 different users despite having the same text.
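Both the font detection and the canvas-font techniques above leave the same observable trace: one piece of text measured or drawn repeatedly under many different fonts. The monitor below flags that pattern. It is an added example, not code from the original article; the thresholds, the `watchFontProbing` and `replay` names, and the `FakeContext` stand-in for the browser's canvas context are assumptions.

```javascript
// Thresholds are assumptions for this example, not values from the article.
const DEFAULTS = { minDistinctFonts: 50, minSameTextCalls: 50 };
// Wrap a CanvasRenderingContext2D-like prototype and record font probing.
function watchFontProbing(proto, opts = {}) {
  const cfg = { ...DEFAULTS, ...opts };
  const fonts = new Set();    // distinct values written to .font
  const measured = new Map(); // text -> number of measureText() calls
  const fontDesc = Object.getOwnPropertyDescriptor(proto, "font");
  const origMeasure = proto.measureText;
  Object.defineProperty(proto, "font", {
    configurable: true, enumerable: fontDesc.enumerable,
    get() { return fontDesc.get.call(this); },
    set(value) { fonts.add(String(value)); fontDesc.set.call(this, value); },
  });
  proto.measureText = function (text) {
    measured.set(text, (measured.get(text) || 0) + 1);
    return origMeasure.apply(this, arguments);
  };
  return {
    report() {
      // Highest number of times any single string was measured.
      const sameText = Math.max(0, ...measured.values());
      const suspicious = fonts.size >= cfg.minDistinctFonts &&
                         sameText >= cfg.minSameTextCalls;
      return { distinctFonts: fonts.size, sameText, suspicious };
    },
    restore() { // put the original accessor and method back
      Object.defineProperty(proto, "font", fontDesc);
      proto.measureText = origMeasure;
    },
  };
}

// Constructed stand-in for the browser's canvas context so this runs in Node.
class FakeContext {
  #font = "10px sans-serif";
  get font() { return this.#font; }
  set font(v) { this.#font = v; }
  measureText(text) { return { width: text.length * 6 }; }
}

// Replay a constructed workload: `fontCount` fonts, each measured on every text.
function replay(fontCount, texts) {
  const watch = watchFontProbing(FakeContext.prototype);
  const ctx = new FakeContext();
  for (let i = 0; i < fontCount; i++) {
    ctx.font = `72px "Font ${i}", monospace`;
    texts.forEach((t) => ctx.measureText(t));
  }
  const result = watch.report();
  watch.restore();
  return result;
}
```

Ordinary text layout (one font, many different strings) stays below both thresholds, while a loop over dozens of fonts with a single test string trips them.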
Types Of Fonts On Your Device
Typically each user has hundreds of installed fonts on PC or mobile. For instance, revisit AmIUnique and note the number of device fonts it has detected.
To verify the accuracy of this font detection, simply go to Settings > Personalization > Fonts if you use Windows, and count the number of fonts. You’ll be surprised to see how accurate the number is.
Now you might wonder how you got so many device fonts in the first place. Well, let's explain why you have such a long list of fonts on PC.
System Fonts
System fonts are the default fonts that come pre-installed on your device. These fonts are provided by the operating system and are available for use across various applications and programs. Arial, Times New Roman, and Helvetica are among the common system fonts.
Although the lists of system fonts may be similar to some level among users of the same operating system, subtle differences may still exist due to different versions or installation methods.
Application Fonts
Application fonts are installed by specific software applications on your device. These fonts are typically used within the applications themselves and may not be accessible system-wide. For example, design software like Adobe Photoshop may install its own set of fonts for use within the program.
Application fonts can influence font fingerprinting by adding fonts to the device's font library. Since different users may have different sets of applications installed, the presence or absence of particular fonts on a PC can contribute towards a unique fingerprint.
Personal Fonts
Often users manually install certain fonts on their devices for personal needs. These fonts may include fonts for supporting different languages such as Arabic or Hebrew, custom fonts for design projects, or specialized fonts such as the dyslexia-friendly font.
Personal fonts go the farthest in making your font fingerprint unique since they are usually very uncommon or non-standard.
How To Beat Font Fingerprinting?
Now that you know what font fingerprinting is and how unique an identity it creates, you might want to get rid of it. While it is hard to beat font fingerprinting given the robustness of this technique, there are still some solutions around.
One of the most effective ways is to use an anti-detect browser like AdsPower. AdsPower not only has a way to tackle font fingerprinting but it also has measures to avoid browser fingerprinting.
Blocking sites from detecting fonts would be counterproductive: it makes your fingerprint more unique, because only a very small number of users globally may have taken the same step. Instead, AdsPower innovates by generating a random list of fonts different from your actual device fonts.
This randomness helps generate a new fingerprint every time and thus prevents websites from knowing your actual fingerprint.
Want to use AdsPower? Simply sign up for free, download it, and start blocking websites from fingerprinting you.