Sure would be nice if Mozilla had an option for "only announce the standard vanilla web fonts".
Check out firegloves. It's outdated, and I'd love to see it getting some love, but it's a great POC for anti-fingerprinting in Firefox. Still works with Iceweasel 20, so it's aged well for an apparently unmaintained academic project. Among the key features: a restricted set of fonts sent to sites, possibly including cycling the fonts randomly to confuse fingerprinting by recurrent font-lists.

Note though, it breaks some websites in a manner akin to fascist-maxima-noscript. So you'll sometimes need to disable it; PayPal is a good example.

User-agents are the devil, though, because whatever about other sources of browser entropy, the User Agent is a big honking bonus score every site gets for zero effort. Worse, most efforts to minimise User-Agents can end up maximising them instead, and there don't seem to be any *current* lists of "most common user-agent string" to work from to reduce entropy.

I've set mine to a super-generic-looking Windows/Firefox setting, but as other people upgrade their browsers and OSes and as architectures get more diverse, browser UAs are getting more and more diverse, too. I vote we ditch them entirely and just assume that all browsers do HTML5 or GTFO.

On Sun, 13 Oct 2013 17:06:22 -0700 Bill Stewart <bill.stewart@pobox.com> wrote:
Date: Sun, 6 Oct 2013 11:11:46 -0700
From: Don Marti <dmarti@zgp.org>
Translation: "Fine, you smug cookie-blocking nerds. We're going to go all browser fingerprinting on you." ... Unfortunately, Firefox appears to be highly fingerprintable.
One reason Firefox is highly fingerprintable is that it sends a list of your available fonts to the web server so the server can format its pages with cool fonts instead of boring fonts if you're able to read them. That often turns out to be surprisingly unique, at least if you like fonts, and AFAIK it's not just the fonts you've configured into your browser, it's the fonts configured into your computer.
For instance, my work PC has a font for the $DAYJOB corporate logo, and has since acquired a couple more fonts so I can display their newer marketing presentations correctly in Powerpoint, plus it's got the dozen or two different monospace console fonts I was trying out to find a good one for programming use, and the usual collection of Bocklin and Dwarvish and Tibetan that old hippies usually have on our computers, just in case we might need to count to nine billion or have an appropriate password entry form. When I first tested it with the panopticlick tool, it was unique; there are now a couple other similar machines (but that's "my machine's IE", "my machine's Firefox", and "my machine running Win7 with the Long Term Support version of Firefox that Corporate IT department makes us use", so it's still unique in reality.)
Sure would be nice if Mozilla had an option for "only announce the standard vanilla web fonts".