Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Easy. The limit should be for 2 fonts, unless you load them your self


You don't seem to realize that the fingerprinting has nothing to do with what fonts you load from a page. It's what fonts you have installed on your machine.


The font-face attack in the article requires loading the font from a remote location. A JS font numeration attack works with local fonts. That would need a different mitigation in the browser, but browsers could, for example, have an array limited to three elements that JS gets when it asks for a font list, or just return the system default fonts, or just say no. A permission to get the full list would be necessary for things like browser-based editors and design software, but it'd still be worth it in my opinion. It would be a huge win for privacy.

The fact is very few websites use more than three fonts at a time on any particular page, and most sites than do could rework their design so they don't (swapping icon fonts for an SVG font map, for example), or they could implement a canvas or WebGL alternative.


I think icon fonts and custom icon fonts (like I build) are a huge win for web designers, a giant leap over embedded SVG or images as they can be scaled with CSS and without any SVG embedding or code; and they're tiny and don't need progressively larger files (like images). Yeah obviously there are workarounds but it's such a good tool that blowing it up because someone could use it for nefarious tracking purposes is equivalent to blowing up images. Hey how about we limit all Ajax calls until a user confirms. Or make them confirm every HTTP header one by one. You want to go after fonts? Shit, we've really fucked up civilization if we have to make everything in Arial or Times New Roman just to protect people from being tracked.


don't need progressively larger files (like images)

SVGs are vectors so they aren't larger at larger sizes, and they can be responsive so you don't always have to display the same image at every size.


Also, fingerprinting is not necessarily an attack at all. I use it frequently to see whether a user is logging in from an unknown box, in which case we'll require secondary authentication. It's actually not a bad thing if you're using it as one part of a verification process to secure user accounts. It only gets bad if you track people around with it or share those prints with other sites to aggregate behavioral data. I use it regularly to keep my own customers safe.


That's a great point! And all the more reason for why the user should be able to allow or disallow it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: