What are the privacy implications of enforcing an obscure font browser-wide (Firefox)? Are the websites aware that they’re not using some generic/default font?
First of all, you can assume the server can infer this in a number of ways - there is actually no way to fully block it, but we can try.
The main issue for privacy is that it makes your browser behave in ways that are a bit too specific (i.e. less private by comparison with the rest of the browsers in the known universe).
As for techniques the site can use
By the way, not downloading the fonts also makes you “less private”. Some of this is a stretch but not impossible.
Now for a more practical problem. Lots of sites use custom fonts for icons. Which means some sites will be very hard to use, because they only display buttons with an icon (actually a letter with a custom font).
FWIW these two lines are in my Firefox profile to disable downloads and skip document provided fonts:
If someone has better/different settings please share.
Finally the Tor browser folks did good work on privacy protections over FF. Maybe their issue tracker is a good source of inspiration https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18097
Perhaps more importantly, websites can determine which fonts are installed on your system (regardless of which you’re enforcing), making fingerprinting much easier.
Literally why is this necessary on a technical level? I’m a web developer, whenever I need my JavaScript to access a resource I have to spell out where to find it. I’ve never had a need to scan the browser or the system to make shit happen, so why should I be able to in the first place?
RFP probably ensures you give out a predetermined set of fonts as installed.
The websites will just think that it’s your default font.
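
Added illustration, not written by any commenter in this thread: a small model of why no "scan the system" API is needed for a page to learn about fonts, since measuring how wide text renders is enough, and of what that measurement returns for a stock profile, an enforced font, and a fixed predetermined font list. The font widths, profile names and the resolution rules are constructed assumptions, not Firefox's actual behaviour or code.

```javascript
// Constructed data: advance width (px) of one probe string in each font.
const WIDTHS = { serif: 412, "sans-serif": 398, monospace: 455,
                 Arial: 398.5, "Fira Sans": 401, Iosevka: 377, Calibri: 389 };
const GENERIC = ["serif", "sans-serif", "monospace"];

// Simplified model (assumption) of resolving a CSS font-family stack.
//   installed: fonts on the system
//   forced:    font the user enforces on every page, or null
//   allowlist: if set, only these installed fonts are visible to pages
function renderedWidth(profile, stack) {
  if (profile.forced) return WIDTHS[profile.forced];
  const visible = profile.allowlist
    ? profile.installed.filter((f) => profile.allowlist.includes(f))
    : profile.installed;
  const used = stack.find((f) => GENERIC.includes(f) || visible.includes(f));
  return WIDTHS[used];
}

// What a page can observe: a candidate counts as present when text styled
// "candidate, monospace" is not the same width as plain "monospace".
function probe(profile, candidates) {
  const baseline = renderedWidth(profile, ["monospace"]);
  return candidates.filter(
    (c) => renderedWidth(profile, [c, "monospace"]) !== baseline);
}

// True when all three generic families render identically, which only
// happens here when one font is enforced over the page's choices.
function genericsCollapsed(profile) {
  const w = GENERIC.map((g) => renderedWidth(profile, [g]));
  return w.every((x) => x === w[0]);
}

const installed = ["Arial", "Fira Sans", "Iosevka"];
const PROFILES = {
  stock: { installed, forced: null, allowlist: null },
  forcedFont: { installed, forced: "Iosevka", allowlist: null },
  fixedList: { installed, forced: null, allowlist: ["Arial"] },
};
const CANDIDATES = ["Arial", "Calibri", "Fira Sans", "Iosevka"];

for (const [name, p] of Object.entries(PROFILES)) {
  console.log(name, probe(p, CANDIDATES), genericsCollapsed(p),
              renderedWidth(p, ["sans-serif"]));
}
```

In this model the enforced font hides the installed list but makes every generic family render at one unusual width, while the fixed list reports the same answer for every user who shares it.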