[linux-elitists] Browser fingerprinting

Bill Stewart bill.stewart at pobox.com
Sun Oct 13 17:06:22 PDT 2013


>Date: Sun, 6 Oct 2013 11:11:46 -0700
>From: Don Marti <dmarti at zgp.org>
>
>Translation: "Fine, you smug cookie-blocking nerds.
>We're going to go all browser fingerprinting on you."
>...
>Unfortunately, Firefox appears to be highly fingerprintable.

One reason Firefox is highly fingerprintable is that it sends a list 
of your available fonts to the web server so the server can format 
its pages with cool fonts instead of boring fonts if you're able to 
read them.  That often turns out to be surprisingly unique, at least 
if you like fonts, and AFAIK it's not just the fonts you've 
configured into your browser, it's the fonts configured into your computer.

For instance, my work PC has a font for the $DAYJOB corporate logo, 
and has since acquired a couple more fonts so I can display their 
newer marketing presentations correctly in PowerPoint, plus it's got 
the dozen or two different monospace console fonts I was trying out 
to find a good one for programming use, and the usual collection of 
Bocklin and Dwarvish and Tibetan that old hippies usually have on our 
computers, just in case we might need to count to nine billion or 
have an appropriate password entry form.  When I first tested it with 
the Panopticlick tool, it was unique; there are now a couple other 
similar machines (but that's "my machine's IE", "my machine's 
Firefox", and "my machine running Win7 with the Long Term Support 
version of Firefox that the Corporate IT department makes us use", so 
it's still unique in reality.)

Sure would be nice if Mozilla had an option for "only announce the 
standard vanilla web fonts".
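
The uniqueness described in this message can be measured the way Panopticlick reports it, as anonymity set size and bits of identifying information. The following is an added example, not part of the original post: the browser labels, font lists and the "standard" allowlist are constructed for illustration, and it shows how announcing only an allowlisted set puts every browser in the same anonymity set.

```python
import hashlib
import math
from collections import Counter

# Assumed allowlist standing in for "standard vanilla web fonts" (constructed).
STANDARD = ["Arial", "Courier New", "Georgia", "Times New Roman", "Verdana"]

# Constructed population: browser label -> font list it exposes to a site.
POPULATION = {
    "work-pc": STANDARD + ["ExampleCorp Logo", "Inconsolata", "Bocklin", "Dwarvish"],
    "stock-1": STANDARD,
    "stock-2": STANDARD,
    "stock-3": list(reversed(STANDARD)),  # same fonts, different order
    "stock-4": STANDARD,
    "designer": STANDARD + ["Bocklin"],
    "dev-1": STANDARD + ["Inconsolata"],
    "dev-2": STANDARD + ["Inconsolata"],
}


def fingerprint(fonts):
    """Order-independent identifier for a font list."""
    canonical = "\n".join(sorted(set(fonts)))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def restrict(fonts, allow=frozenset(STANDARD)):
    """Mitigation: expose only fonts that are on the allowlist."""
    return [f for f in fonts if f in allow]


def identifiability(population, transform=lambda fonts: fonts):
    """Map each browser to (anonymity set size, bits of surprisal)."""
    prints = {name: fingerprint(transform(f)) for name, f in population.items()}
    sizes = Counter(prints.values())
    total = len(prints)
    return {n: (sizes[fp], math.log2(total / sizes[fp])) for n, fp in prints.items()}


if __name__ == "__main__":
    for label, result in (("full list", identifiability(POPULATION)),
                          ("allowlist only", identifiability(POPULATION, restrict))):
        print(label)
        for name, (size, bits) in result.items():
            print(f"  {name:9s} anonymity set {size} of 8, {bits:.1f} bits")
```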



