Firefox 52 Privacy and Fonts

Question

My understanding is that Firefox 52 was to include features which increased privacy while browsing the web. Specifically, it was going to include a feature which limited the number of system fonts viewable to third parties (via javascript, I believe).

However, using EFF's Panopticlick too, I can see very little change in the fonts viewable before upgrading to 51 and after upgrading to 52.

Below is a screen grab of part of what I see with Firefox 52.

Compare to what I see with the Tor Browser.

So, what gives? Shouldn't the System Fonts seen with Firefox 52 be the same as for the Tor Browser?

One reference I have for this is here where it says "The new change that will launch with Firefox 52 is an optional parameter that you can configure to restrict font access."

I looked in about:preferences#privacy for an option regarding fonts, but don't see one. So, where is this parameter and how do I configure it?

I'm on 64bit Ubuntu 16.04 LTS.

UPDATE:

I did a fresh install of firefox, purging the old one, and started a new profile. No change. I installed Random Agent Spoofer, which has options to Limit Detectable Fonts; and that worked for the fonts. However, Panopticlick still shows my fingerprint as unique.

Tor browser, however, does not.

So, I guess it's firefox for things I have to log in to use (because they have a much simpler way of tracking me), and Tor for everything else.

Any chance you're messing up browser versions? I currently get the desired result with FF52 (a very short list of system fonts) on Linux. — Arminius, Mar 09 '17 at 17:56
From my about: Firefox 52.0 (64-bit) Mozilla Firefox for Ubuntu canonical - 1.0 — Bill Kronholm, Mar 09 '17 at 17:59
Can you reproduce it when creating a fresh Firefox profile? (`firefox -P --no-remote`) — Arminius, Mar 09 '17 at 18:03
Extra info in case it helps: the only extension I have installed is uBlock Origin. (Well, that and Ubuntu Modifications.) — Bill Kronholm, Mar 09 '17 at 18:10
I might be missing something that's specific to Ubuntu. If you think it's a bug you might want to file it at https://bugzilla.mozilla.org — Arminius, Mar 09 '17 at 18:20
@dandavis they did not. I created that variable, set the value to the same as the output from using Tor browser (Wingdings 2, Wingdings 3), re-ran the EFF test, same results. — Bill Kronholm, Mar 09 '17 at 22:33
Does this answer your question? [How can you change "system fonts" in Firefox (to increase own safety & privacy)?](https://security.stackexchange.com/questions/138517/how-can-you-change-system-fonts-in-firefox-to-increase-own-safety-privacy) — Adam Katz, Mar 13 '20 at 20:10

sleske · Answer 1 · 2017-03-22T20:47:53.577

I looked in about:preferences#privacy for an option regarding fonts, but don't see one. So, where is this parameter and how do I configure it?

Well, you should have read the complete article you linked :-). It says:

You need to do the following to use a system font whitelist in Firefox:

Type about:config in the browser's address bar and hit the Enter-key afterwards. Confirm that you will be careful if the warning prompt is displayed.

Right-click in the main pane listing all preferences, and select "New > String" from the context menu.

Name the new parameter font.system.whitelist

Now add fonts to the whitelist separated by comma: Helvetica,Courier,Verdana is a valid value for instance.

If I do this in my (recent) version of Firefox on Windows 7, the list of fonts displayed by Panopticlick changes as expected.

Before, Panopticlick lists over 40 fonts, both the standard Windows fonts and fonts installed by applications. Afterwards, it only lists "Courier, Helvetica, MS Sans Serif, MS Serif, Times". I'm not sure why the list is different from the whitelist, but the feature does work.

I also tested on Debian Linux, with similar results.

Note that this whitelist not only restricts the list obtainable by web sites, it means Firefox will really not use other fonts for rendering, so sites may use different fonts because of this. Whether that is a problem or a bonus is for you to decide.

If that does not work for you, check whether you are running a different version of Firefox, with different features. Some Linux distributions, for example, create (or used to create) their own version of Firefox.

Try installing the regular version from https://www.mozilla.org/en-US/firefox/new/ (you can just unpack it anywhere you like and run it). Create a fresh profile on startup, and check again.

I'm not in front of that machine right now. But the build is from the Ubuntu repos (16.04). I get the expected response in a private browser, but not in my regular browser. Same response with a clean, new profile. — Bill Kronholm, Mar 22 '17 at 21:10
No luck with a separate binary; same results. But the separate install seemed to be using my same plugins/history/etc. — Bill Kronholm, Mar 23 '17 at 00:45
@BillKronholm: That means you did not use a new profile. Start Firefox [Profile Manager](https://developer.mozilla.org/docs/Profile_Manager) by running `/path/to/firefox -P`, then create a new profile. — sleske, Mar 23 '17 at 06:48
@BillKronholm: Well, at least it should no longer use the same history etc. with a new profile. If the problem persists with a fresh install & fresh profile, I'm out of ideas, sorry. — sleske, Mar 23 '17 at 20:42
"Now add fonts to the whitelist separated by comma: Helvetica,Courier,Verdana is a valid value for instance." Inhibits the display of many characters and symbols: http://www.rapidtables.com/math/symbols/Basic_Math_Symbols.htm — Looby Looe, Oct 06 '17 at 09:02

Firefox 52 Privacy and Fonts

1 Answers1