mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-10 00:12:09 +00:00
More info about fingerprinting via fonts
This commit is contained in:
parent
f1a56e9ec4
commit
8f47970379
2 changed files with 18 additions and 4 deletions
|
@ -42,7 +42,11 @@ It's not a good idea to expect users to automatically override website styleshee
|
||||||
|
|
||||||
### But wouldn't that allow a website to fingerprint with fonts?
|
### But wouldn't that allow a website to fingerprint with fonts?
|
||||||
|
|
||||||
I don't know much about fingerprinting, except that you can't do font enumeration without JavaScript. Since text-based websites that follow these best-practices don't send requests after the page loads and have no scripts, fingerprinting via font enumeration is a non-issue.
|
I don't know much about fingerprinting, except that you can't do font enumeration without JavaScript. Since text-based websites that follow these best-practices don't send requests after the page loads and have no scripts, fingerprinting via font enumeration is a non-issue on those sites.
|
||||||
|
|
||||||
|
Other websites can still fingerprint via font enumeration using JavaScript. They don't need to stop at seeing what sans-serif maps to; they can see all the available fonts on a user's system, the user's canvas fingerprint, window dimensions, etc. Some of these can be mitigated with Firefox's "privacy.resistFingerprinting" setting, but that setting also understandably overrides user font preferences.
|
||||||
|
|
||||||
|
Ultimately, surveillance self-defense on the web is an arms race full of trade-offs. If you want both privacy and customizability, the web is not the place to look; try Gemini or Gopher instead.
|
||||||
|
|
||||||
## About lazy loading
|
## About lazy loading
|
||||||
|
|
||||||
|
|
|
@ -78,15 +78,25 @@ asserting a personal preference.
|
||||||
|
|
||||||
It's not a good idea to expect users to automatically override website stylesheets.
|
It's not a good idea to expect users to automatically override website stylesheets.
|
||||||
Doing so would break websites that use fonts such as Font Awesome to display vector
|
Doing so would break websites that use fonts such as Font Awesome to display vector
|
||||||
icons. We shouldn't expect these users to constantly battle with websites the same way
|
icons. We shouldn't expect these users to constantly battle with websites the same
|
||||||
that many adblocking/script-blocking users (myself included) already do.
|
way that many adblocking/script-blocking users (myself included) already do.
|
||||||
|
|
||||||
### But wouldn't that allow a website to fingerprint with fonts?
|
### But wouldn't that allow a website to fingerprint with fonts?
|
||||||
|
|
||||||
I don't know much about fingerprinting, except that you can't do font enumeration
|
I don't know much about fingerprinting, except that you can't do font enumeration
|
||||||
without JavaScript. Since text-based websites that follow these best-practices don't
|
without JavaScript. Since text-based websites that follow these best-practices don't
|
||||||
send requests after the page loads and have no scripts, fingerprinting via font
|
send requests after the page loads and have no scripts, fingerprinting via font
|
||||||
enumeration is a non-issue.
|
enumeration is a non-issue on those sites.
|
||||||
|
|
||||||
|
Other websites can still fingerprint via font enumeration using JavaScript. They
|
||||||
|
don't need to stop at seeing what sans-serif maps to; they can see all the available
|
||||||
|
fonts on a user's system, the user's canvas fingerprint, window dimensions, etc. Some
|
||||||
|
of these can be mitigated with Firefox's `privacy.resistFingerprinting` setting, but
|
||||||
|
that setting also understandably overrides user font preferences.
|
||||||
|
|
||||||
|
Ultimately, surveillance self-defense on the web is an arms race full of trade-offs.
|
||||||
|
If you want both privacy and customizability, the web is not the place to look; try
|
||||||
|
Gemini or Gopher instead.
|
||||||
|
|
||||||
About lazy loading
|
About lazy loading
|
||||||
------------------
|
------------------
|
||||||
|
|
Loading…
Reference in a new issue