DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Data Engineering
  3. Databases
  4. Font Fingerprinting

Font Fingerprinting

Websites may not be able to identify you, but they can probably identify your web browser.

John Cook user avatar by
John Cook
·
Feb. 07, 19 · Tutorial
Like (3)
Save
Tweet
Share
5.47K Views

Join the DZone community and get the full member experience.

Join For Free


Websites may not be able to identify you, but they can probably identify your web browser. Your browser sends a lot of information back to web servers, and the combination of settings for a particular browser are usually unique. To get an idea what information we're talking about, you could take a look at Device Info.

Installed Fonts

One of the pieces of information that get sent back to servers is the list of fonts installed on your device. Your font fingerprint is just one component of your browser fingerprint, but it's an easy component to understand.

Application Fonts

Various applications install their own fonts. If you've installed Microsoft Office, for example, that would be evident in your list of fonts. However, Office is ubiquitous, so that information doesn't go very far to identify you. Maybe the lack of fonts installed with Office would be more useful in identifying someone.

Less common software goes further toward identifying you. For example, I have Mathematica on one of my computers, and along with it Mathematica fonts, something that's not too common.

Personal Fonts

Then there are the fonts you've installed deliberately, many of the free. Maybe you've installed fonts to support various languages, such as Hebrew and Greek fonts for Bible scholars. Maybe you have dyslexia and have installed fonts that are easier for you to read. Maybe you've installed a font because it contains technical symbols you need for your work. These increase the chances that your combination of fonts is unique.

Commercial Fonts

Maybe you have purchased a few commercial fonts. One of the reasons to buy fonts is to have something that doesn't look so common. This also makes the font fingerprint of your browser less common.

Moderate Obscurity

Servers have to query whether particular fonts are installed. An obscure font would go a long way toward identifying you. But if a font is truly obscure, the server isn’t likely to ask whether it’s installed. So the greatest privacy risk comes from moderately uncommon fonts [1].

Advertising

Your browser fingerprint is probably unique unless you have a brand new device, or you've made a deliberate effort to keep your fingerprint generic. So while a site may not know who you are, it can recognize whether you've been there before and customize the content you receive accordingly. Maybe you've looked at the same product three times without buying, and so you get a nudge to encourage you to go ahead and buy.

(It'll be interesting to see what effect the California Consumer Privacy Act has on this when it goes into effect the beginning of next year.)

What About Changes?

Since there's more than enough information to uniquely identify your browser, fingerprints are robust to changes. Installing a new font won't throw advertisers off your trail. If you still have the same monitor size, same geographic location, etc., then advertisers can update your fingerprint information to include the new font. You might even get an advertisement for more fonts if they infer you're a typography aficionado.

Related Posts

  • Bits of information in a zip code
  • Identification by zipcode, sex, and birthdate

[1] Except for a spearphishing attack. A server might check for the presence of fonts that, although uncommon in general, are likely to be on the target’s computer. For example, if someone wanted to detect my browser, in particular, they know I have Mathematica fonts installed because I said so above. And they might guess that I have installed the Greek and Hebrew fonts I mentioned. They might also look for obscure fonts I’ve mentioned in the blog, such as Unifont, Andika, and Inconsolata.

Privacy Act (Canada) application Database IT Computer Inconsolata

Published at DZone with permission of John Cook, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How To Check Docker Images for Vulnerabilities
  • Bye Bye, Regular Dev [Comic]
  • Kubernetes vs Docker: Differences Explained
  • How Observability Is Redefining Developer Roles

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: