I remember thinking how strange it is that websites can know all of your installed fonts when I was playing around with https://coveryourtracks.eff.org/ and https://www.amiunique.org/
I’m on linux and I have some extra fonts installed. Just the combination of them alone is so unique to me that you don’t need anything else.
The second big one for me is how shocking I find it that timezone spoofing isn’t standard, now that so many people use VPNs. Why would someone connecting from Sweden have their clock set to GMT? Etc
One known problem is that on Firefox for Linux, every font you install via the package manager becomes a System Font, and thus is immediately “visible” as soon as Use Document Fonts is enabled, irrespective of the setting for CSS font visibility. I’ve even asked about here if it is possible to run multiple fontservers on a single session, as that would help palliate the fingerprinting by running Firefox profiles connected to different font lists.
As a relatively useful alternative, you can have Firefox profiles on different users, each having their own fontset available at
.local/share/fonts, but for that to work you also have to remove all those extra fonts you installed via the package manager.Oh interesting I wasn’t aware of how all of these things work. So even on the strictest CSS font visibility setting system fonts are not hidden (provided Document Fonts is enabled)? Local fonts I assume are hidden?
From comments in the bug report I got the feeling they should have, but aren’t; proably because of intrinsic issues with what it means to be a “system” component.
I have no means to test in Firefox Linux if local fonts are hidden because I don’t know what makes a font “local” either. Any font placed where the fontserver looks for them (be it system paths or
.local/share/fonts) seems to count as “system”, which is why I specifically suggest using.local/share/fontswith different users: it’s the only path where you can offer variability. More importantly, CSS font visibility settings seem to mostly be intended for Javascript-based fingerprinting, and they do not work at all against CSS-based fingerprinting.I am pending to raise an issue ticket to make it so that “Use Document Fonts” becomes a Site Preference instead of a Global Preference; that should go a very long way to enhance privacy in these cases. Once I do, I’ll link it here.
Hopefully this helps to get around some of the bullshit reddit banning
why not stop using reddit once and for all?
brave have it, but it doesnt look it will, reddit is too smart for that. you need things to spoof you fingerprint, IP address, device and components. im on a forum where they use anti-detect browser(not an actual browser, but to open instances of a browser using different ip/devices,etc) to manage all of this, plus you need an reddit account thats not tainted. i think reddit is too used to mozilla already, things adspower, dolphin anty, is one of many that does this.
I got identified on Brave immediately
Opera worked for me