43

I know there were some previous (similar) questions to this, I have read them all and also tried but nothing has really helped (maybe because it was outdated information).

What I did was I went to: https://panopticlick.eff.org to see my digital fingerprint on the internet. I have realized that the main reason I'm identified as "unique" is the information that "System Fonts" provide. The site says that only 1 of 160000 browsers have the same fonts as me, which is really bad.

My question, is there actually a way to reduce / delete / edit System Fonts in Firefox?

I went to that page using Tor Browser and realized it has way less System Fonts than me on Firefox which is why it's less unique.

What I have already tried and did not work (but might still be good to increase your safety and anonymity):

  • disable flash

  • go to about:config and set "plugins.enumerable_names" to empty string

  • on your computer, find your flash folder, edit mms.cfg and add this: DisableDeviceFontEnumeration = 1


Any other ideas? This is really frustrating, I know we cannot fully protect our privacy but we can surely at least make it a bit harder for others.

Edit: Thanks to WhiteWinterWolf: On Firefox you can remove most system fonts (and thereby reduce fingerprint) by going to task bar, write: "about:config". Then there you type in search: "browser.display.use_document_fonts" and you modify this and set it either to 0 or just leave it blank. I would still like to know another way where you can remove specific fonts by your own decision or even add some (without deleting them from your own computer).

Edit: Here is my evaluation (I didn't use Tor, I didn't use proxy!), tried the entire day using the provided answers here and that's the best result so far (I'm still not happy about the result but I thought I will just share it with you. Reduced from about 1:175000 to 1:21000 isn't bad actually!)


tenepolis
  • 533
  • 4
  • 7
  • 1
    although you want to defeat browser fingerprinting, the question itself is not a security question but a Firefox config/use/internal question – schroeder Oct 02 '16 at 17:32
  • 6
    It's not? Because I'm trying to improve my own security with this question. Also for other people because this should be useful for everyone who cares about privacy. Deleting / locking this would be a shame, look at the given answers they are great, every single one! – tenepolis Oct 02 '16 at 18:21
  • 1
    the application of answers are for security, but the core question is not – schroeder Oct 02 '16 at 19:54
  • The screenshot you added already show pretty good values, I don't think you can really expect to go lower. See the "Notes" I added to the end of my answer for more information. – WhiteWinterWolf Oct 02 '16 at 20:07
  • By the way, regarding the issue raised by @schroeder, I don't want to talk in his name but as per my understanding I think the question is more whether this post should be migrated elsewhere like on SuperUser (as dealing with an end-user software) than being closed / deleted (as this is a good question, but potentially off-topic on here). – WhiteWinterWolf Oct 02 '16 at 20:30
  • 1
    Their [about page](https://panopticlick.eff.org/about) gives a link for [more information on how this score is derived](https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy). I'm not a math guy, so don't ask me to explain its content ;) ! – WhiteWinterWolf Oct 02 '16 at 20:34
  • @WhiteWinterWolf: Looking at the above table and the link you give, what remains unclear is what assumptions they make about the degree of correlation between the variables, though since the bits clearly add up to a lot more than 14.9 they certainly do something about it. – PJTraill Oct 03 '16 at 12:46
  • 1
    @PJTraill They do not add up because there are interdependence relationships between some values. For instance, there is a relation between the *User Agent* and the *HTTP_ACCEPT headers* since Internet Explorer and Firefox will most likely not use exactly the same headers (that's why spoofing only the User Agent without also modifying the other headers is a bad idea BTW), like the starsign and birthday used in the linked paper. However, I have the impression that the exact implementation and formula used isn't published. – WhiteWinterWolf Oct 03 '16 at 13:30

4 Answers

17

On Firefox, you may want to try the Random Agent Spoofer addon.

IMHO, this module is poorly named, probably for historical reasons, since the agent spoofing feature is completely optional and maybe not even the most interesting one.

This module should be merely seen as an anti-tracking module, gathering both specific features and Firefox tracking-related settings in a single place (including so-called "advanced" settings, like disabling WebRTC). Most Panopticlick tracking criteria can be found in its settings.

The list of available fonts can be restricted by setting Options > Standard options > Limit detectable fonts. Setting this option may however slightly alter website's look, but this should not have any major impact on usability.

While you are here, I also recommend trying to disable canvas support (Options > Script injection options > Disable canvas support) as this should tremendously improve your Panopticlick score. I have been using this for several months without noticing any impact of this setting, but YMMV.

Regarding the actual agent spoofing feature, I'm not very happy with how this was implemented by this module. If you are on Windows, I would recommend leaving this disabled. If you are on another OS, you may want to try to show yourself as the same Firefox version but on Windows (sadly you will have to manually select the version and manually change it after updates, that's precisely why I think this feature could be improved).

I do not recommend using randomly changing User-Agents (or even worse randomly changing screen sizes) or simulating a different browser than Firefox (as long as tracking is concerned, this may be useful for other purposes). This may be counter-productive: the goal of anti-tracking is not to make you randomly changing, as this will make you stand-out, the goal is on the contrary to blend in by looking similar to the crowd.

Do not hesitate to rely on Panopticlick's breakdown (the Show full results for fingerprinting link appearing at the end of the analysis) to determine which technique allows to most uniquely identify you. The most effective techniques will be the one you may want to address first, until you get to a reasonable privacy level.

While you play with this module, be aware that some settings may impair usability, or even break some websites. Nothing to be wary of, but just keep this in mind when you face some issues while browsing: check your own settings before blaming the website developer ;) !

Note:

Please note that I used the term reasonable privacy level, and nothing like "perfect" or "full" privacy: there is no way to be perfectly untrackable.

On a standard browser, you usually see in the "one in x browsers have this value" column from Panopticlick result details values reaching (tens of) thousands, which means that the corresponding technique alone statistically allows to uniquely identify your computer in large sets: these are the values you need to avoid since they are basically just candy for trackers.

Given the number of different hardware, operating systems, browsers, settings and versions out there, you cannot reasonably expect values below a few dozens.

If the reason behind this is not clear to you: imagine you are with two other users, a Mac user and a Windows user, which system should you impersonate so a tracking engine could mistake you for both?

This is just impossible: they are different, you cannot be equal to both. Say you are a Linux user, a third OS type, instead of showing up as such, show yourself as a Windows user: a tracker will still be able to distinguish you from the Mac user (hence the bits of identifying information will never be zero), but it will not be able to distinguish you (using this technique) from the Windows user (hence a lower value than if you showed up as the only Linux machine in this set of three).

The more diversity, the more identifiable your browser becomes, without any chance to become "like everybody else". That's why on the Tor network it is recommended to not modify the Tor browser settings, in order to keep this diversity as low as possible and therefore make tracking as hard as possible.

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
  • Thank you also very much! Now I got 3 very worthful answers already, I really appreciate that :-) This plugin is really interesting. It does really block most of the fonts but for some reason it doesn't really help (aka doesn't reduce / remove my uniqueness. Bit size of detection is still the same as without this addon..) – tenepolis Oct 02 '16 at 17:21
  • I installed the RAS extension and limited detectable fonts—I had a huge number of them—as well as followed most of your other advice. I also disabled plugin detection since I have many of those installed. It only lowered my bits of identifying information from 17.1 to 16.2. Needless to say, I'm not impressed. – martineau Oct 02 '16 at 18:56
  • @tenepolis This feature limits the fonts to a basic set, I suppose something similar to fonts coming with a vanilla Windows installation. If you did not add any unusual font on your system, this feature will indeed change little to nothing since you are already using a basic font set. However, if you do some artwork for instance and installed a dozen or hundreds of supplementary fonts on your system, this font set identifies you uniquely and in this case this feature will be welcome. – WhiteWinterWolf Oct 02 '16 at 18:58
  • @martineau The summary value doesn't mean a lot, that's why I suggested to check the details in the breakdown to see the effect of each individual setting; the *"one in x browsers have this value"* is particularly tangible, more I think than the bits count. In my case, disabling canvas and showing as a Windows box made all values in this column go below 1000. Faking fonts and disabling French would decrease the highest value to 33, but I personally consider this too impacting compared to the relatively low benefit. – WhiteWinterWolf Oct 02 '16 at 19:20
  • Anyone knows how this "Random Agent Spoofer" changed the System Fonts? As it seems, it's not necessary going the way John Deters has recommended (delete some fonts in Windows) although it's very good to know (it works, I have tried it all today). There must be an easier way and this addon makes use of it. But how? – tenepolis Oct 02 '16 at 19:40
  • So what is the overall magic to not end up unique? Is it to change always (a little change) in your browser so your fingerprint changes by doing it? Or is it just trying to have the most general settings (but this would still not make you unique regarding your description and I understand why, now). Edit: I wanted to thank everyone again for all your answers. – tenepolis Oct 02 '16 at 20:19
  • 1
    @tenepolis: I'm not used to developing Firefox addons, but according to [Random Agent Spoofer source code](https://github.com/dillbyrne/random-agent-spoofer/blob/fa2c0885a58f4a974fc930e818f92c7e897cdf72/data/html/options-panel.html) the *Limit detectable fonts* parameter is linked to Firefox's advanced option *browser.display.use_document_fonts* ("documented" [here](http://kb.mozillazine.org/About:config_entries), if I can call this a documentation...). – WhiteWinterWolf Oct 02 '16 at 20:25
  • WhiteWinterWolf: I _have_ been looking at the details, not just the summary. There's nothing listed that would account for the 16.21 bits of information. The largest value for "one x browsers" number is 2804.78 for Browser Plugin Details (which is a little more than 12 bits). The computed value must be combined somehow with the rest of values together forming a unique combination. Again, I find the results of using this browser extension completely underwhelming as far as Panopticlick is concerned. – martineau Oct 02 '16 at 20:27
  • 1
    @tenepolis: changes do not work, as the least breach will allow respawning or [zombie](https://en.wikipedia.org/wiki/Zombie_cookie) cookies (cookies that are recreated after deletion because trackers managed to re-identify you despite your efforts). The only way is to look like anyone else, and try to avoid contacting trackers (using adblockers or similar). – WhiteWinterWolf Oct 02 '16 at 20:48
  • 2
    @WhiteWinterWolf you said that this was in the source: browser.display.use_document_fonts. I have looked that up in about:config and then modified it to blank / null. This reduced my current bit (16.2) by 1. For some reason, it's much more effective than the addon itself hehe ^^ Deleted it (the plugin) now and my fingerprint got even more general, very nice man! – tenepolis Oct 02 '16 at 20:48
  • Update: FWIW, I just uninstalled the Firefox "Random Agent Spoofer" extension because it was somehow interfering with playing youtube videos and only the audio could be heard. – martineau Oct 04 '16 at 00:29
  • 1
    As of 2020, this extension no longer exists. Consider using the `font.system.whitelist` key in `about:config` instead. – Adam Katz Mar 13 '20 at 20:51
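
The Mac/Windows/Linux thought experiment from the note in this answer, and the comment that per-attribute bits "do not add up" for correlated values, worked through as an added example (not part of the original answers). The browser populations, header labels and function names are constructed for illustration.

```javascript
// Bits of identifying information for a value shared by `count` of `total`
// browsers, i.e. Panopticlick's "one in x browsers" with x = total / count.
const bits = (count, total) => Math.log2(total / count);

// Bits revealed about `target` when a tracker reads all of `attrs` together.
function jointBits(population, target, attrs) {
  const matches = population.filter((b) => attrs.every((a) => b[a] === target[a]));
  return bits(matches.length, population.length);
}

// What you get by naively adding up the per-attribute figures.
function summedBits(population, target, attrs) {
  return attrs.reduce((sum, a) => sum + jointBits(population, target, [a]), 0);
}

const repeat = (n, browser) => Array.from({ length: n }, () => ({ ...browser }));

// Three users: one Mac, one Windows, and you (Linux), honest vs. shown as Windows.
function osScenario() {
  const mac = { os: "Mac" }, win = { os: "Windows" };
  const honest = { os: "Linux" }, spoofed = { os: "Windows" };
  return {
    honest: jointBits([mac, win, honest], honest, ["os"]),    // log2(3)   ~ 1.58
    spoofed: jointBits([mac, win, spoofed], spoofed, ["os"]), // log2(3/2) ~ 0.58, never 0
  };
}

// Constructed population of 8 where the Accept header style follows the User-Agent.
function headerScenario() {
  const firefox = { ua: "Firefox", accept: "firefox-style" };
  const ie = { ua: "IE", accept: "ie-style" };
  const attrs = ["ua", "accept"];
  const consistent = [...repeat(4, firefox), ...repeat(4, ie)];
  // One browser changes only its User-Agent and keeps its real Accept header.
  const liar = { ua: "IE", accept: "firefox-style" };
  const withLiar = [...repeat(4, firefox), ...repeat(3, ie), liar];
  return {
    consistentSum: summedBits(consistent, firefox, attrs),  // 1 + 1 = 2 bits
    consistentJoint: jointBits(consistent, firefox, attrs), // only 1 bit jointly
    liarSum: summedBits(withLiar, liar, attrs),             // about 1.68 bits
    liarJoint: jointBits(withLiar, liar, attrs),            // 3 bits: unique among 8
  };
}

console.log(osScenario(), headerScenario());
```

For correlated attributes the summed figure overstates the joint one, while an inconsistent combination can be far more identifying than either attribute alone.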
8

The fonts installed on a system (and thus accessible to the browser) are a property of the system and not of the browser. And I'm pretty sure that you don't need to have flash to find out if a specific font is installed or not, i.e. some CSS and JavaScript is probably enough:

  • Have some text with the font set to font1 and alternative font2 which is very different from font1.
  • Have the same text with font set to font2
  • Compare pixel length of the text with JavaScript: if they are the same then font1 is probably not installed.

> This is really frustrating, I know we cannot fully protect our privacy ...

There are lots of ways to track a user. While this specific one could probably be disabled by switching off all active content (JavaScript, Flash...) others need you to disable caching (i.e. Etag tracking) etc. For way more but still incomplete information on how you can be tracked see Technical analysis of client identification mechanisms.

> ... but we can surely at least make it a bit harder for others.

The techniques needed to fight tracking often impact the user more than the one who is doing the tracking. Unless collecting this information is prohibited by law, the user is usually the loser.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • @tenepolis: User-Agent changing will not help against Etag tracking. Instead you would need to disable all caching. – Steffen Ullrich Oct 02 '16 at 13:50
  • @tenepolis: I'm not aware how this specific implementation of Etag tracking is done and I don't know what the side effects are of some extension you use to change your User-Agent (some extensions clear the cache when changing the User-Agent to deter such attacks). But tracking with Etag only relies on caching and not on a specific User-Agent. Instead of Etag also the Last-Modified header could be used. – Steffen Ullrich Oct 02 '16 at 13:53
  • 1
    Sounds like the only way to near-completely stop tracking is to not store _any_ client-side state and disable all active content. – Demi Oct 02 '16 at 23:19
  • @Demi But what about your IP address? And your browser user agent? And the fact that you don't store any client-side state and disable all active content? – wizzwizz4 Oct 05 '16 at 06:27
6

On a Windows system, you can "hide" fonts using the Fonts control panel found under the Appearance and Personalization settings. Windows normally hides the fonts that are not for your keyboard language, but you can choose to hide or expose whichever fonts you want. Once hidden, your browser can no longer enumerate them.

Then the real trick is figuring out a safe list of fonts to expose, so you can blend in with a crowd of similarly configured browsers and systems. You generally want to emulate a default OS installation with no other apps. I don't know if EFF provides that data, though.

Alternately, you can randomly hide/unhide some fonts between browsing sessions, so you will appear as a different system each time you browse. Generally, I think tracking systems are often programmed like any other automated system: they probably are looking for an exact match, not a close match.

The primary drawback is that when you hide a font in your system, that font is gone from all your applications. If you are using this same system for artwork, you may not want to give up so many of your fonts.

John Deters
  • 33,650
  • 3
  • 57
  • 110
  • Thanks a lot for your answer! If I read your answer it sounds like it's not possible to just delete some of the installed fonts in the fonts folder? Or I understood you wrong here? – tenepolis Oct 02 '16 at 15:12
  • You absolutely can delete fonts from the Control Panel. Just hit DEL and they're gone. But if you delete them, you won't be able to easily recover them. It's probably easier and safer to hide them. – John Deters Oct 03 '16 at 01:29
  • Not all Windows fonts can be easily deleted, some are considered protected system fonts, and can't be deleted without [taking extra steps.](http://answers.microsoft.com/en-us/windows/forum/windows_7-desktop/removing-foreign-language-fonts/60f5ac05-182e-438f-88e4-2a7432d8e161) – barbecue Oct 03 '16 at 02:23
  • @barbecue I went to the registry of Windows, looked for the fonts folder in local machine and deleted the "tough" fonts from there and it worked :D However, at the end, there were 2 fonts left because I couldn't find them anywhere to delete (it was something like "MS Sans Serif" and "Cambria"). But if you decide to do it make sure you save all your fonts first before deleting some of them. – tenepolis Oct 03 '16 at 07:29
3

As of Firefox 52, there's a feature to specify exactly what fonts get reported:

  1. Type about:config in the browser's address bar and hit the Enter-key afterwards.

  2. Confirm that you will be careful if the warning prompt is displayed.

  3. Right-click in the main pane listing all preferences, and select New > String from the context menu.

  4. Name the new parameter font.system.whitelist.

  5. Now add fonts to the whitelist separated by comma: Helvetica, Courier, Verdana is a valid value for instance.

The change takes effect immediately. You may notice that fonts change in the browser UI or on websites as a response.

This changed my "bits of identifying information" from System Fonts from 8.28 to 6.74... but made the ticks and crosses in panopticlick's web page not render right.

Reference: https://www.ghacks.net/2016/12/28/firefox-52-better-font-fingerprinting-protection/

Greg Bell
  • 131
  • 3
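
The width-comparison check from Steffen Ullrich's answer, used to audit your own browser after setting `font.system.whitelist` as described in the answer above. This is an added example, not code from the original answers or from Firefox; the function names, the stand-in measurer, its pixel widths and the case-insensitive name matching are assumptions.

```javascript
// Added example: audit which fonts a page can detect in your own browser.
const FALLBACKS = ["monospace", "serif", "sans-serif"];
const SAMPLE = "mmmmmmmmmmlli"; // wide and narrow glyphs exaggerate width differences

// Browser-only measurer: pixel width of SAMPLE rendered in the given font-family list.
function domMeasure(fontFamily) {
  const span = document.createElement("span");
  span.textContent = SAMPLE;
  span.style.cssText = "position:absolute;visibility:hidden;font-size:72px;white-space:nowrap";
  span.style.fontFamily = fontFamily;
  document.body.appendChild(span);
  const width = span.getBoundingClientRect().width;
  span.remove();
  return width;
}

// A font is detectable if "font, fallback" renders at a different width than the
// fallback alone for at least one generic fallback. Using three fallbacks avoids
// missing a font whose metrics happen to equal one of them.
function detectableFonts(candidates, measure) {
  const baseline = new Map(FALLBACKS.map((f) => [f, measure(f)]));
  return candidates.filter((font) =>
    FALLBACKS.some((f) => measure(`"${font}", ${f}`) !== baseline.get(f)));
}

// Compare what is detectable with what font.system.whitelist is meant to allow.
// Assumption: names are matched case-insensitively.
function auditWhitelist(whitelistPref, candidates, measure) {
  const allowed = new Set(
    whitelistPref.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
  const detected = detectableFonts(candidates, measure);
  return { detected, leaked: detected.filter((f) => !allowed.has(f.toLowerCase())) };
}

// Constructed stand-in for a browser so the logic also runs under Node:
// `installed` maps font name -> made-up pixel width of SAMPLE.
function fakeMeasure(installed) {
  const generic = new Map([["monospace", 600], ["serif", 540], ["sans-serif", 560]]);
  return (family) => {
    for (const raw of family.split(",")) {
      const name = raw.trim().replace(/"/g, "");
      if (generic.has(name)) return generic.get(name);
      if (installed.has(name)) return installed.get(name);
    }
    throw new Error("no usable font in: " + family);
  };
}

const measure = typeof document !== "undefined" ? domMeasure
  : fakeMeasure(new Map([["Verdana", 610], ["Courier", 600], ["Comic Sans MS", 580]]));
console.log(auditWhitelist("Helvetica, Courier, Verdana",
  ["Helvetica", "Courier", "Verdana", "Comic Sans MS", "Papyrus"], measure));
```

Pasted into the browser console, a non-empty `leaked` list means a page can still detect fonts outside the whitelist.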