Fingerprinting Web Users Through Font Metrics

  • David Fifield
  • Serge Egelman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8975)

Abstract

We describe a web browser fingerprinting technique based on measuring the onscreen dimensions of font glyphs. Font rendering in web browsers is affected by many factors—browser version, what fonts are installed, and hinting and antialiasing settings, to name a few—that are sources of fingerprintable variation in end-user systems. We show that even the relatively crude tool of measuring glyph bounding boxes can yield a strong fingerprint, and is a threat to users’ privacy. Through a user experiment involving over 1,000 web browsers and an exhaustive survey of the allocated space of Unicode, we find that font metrics are more diverse than User-Agent strings, uniquely identifying 34 % of participants, and putting others into smaller anonymity sets. Fingerprinting is easy and takes only milliseconds. We show that of the over 125,000 code points examined, it suffices to test only 43 in order to account for all the variation seen in our experiment. Font metrics, being orthogonal to many other fingerprinting techniques, can augment and sharpen those other techniques.

We seek ways for privacy-oriented web browsers to reduce the effectiveness of font metric–based fingerprinting, without unduly harming usability. As part of the same user experiment of 1,000 web browsers, we find that whitelisting a set of standard font files has the potential to more than quadruple the size of anonymity sets on average, and reduce the fraction of users with a unique font fingerprint below 10 %. We discuss other potential countermeasures.

Keywords

Conditional Entropy, Code Point, Currency Symbol, Font Style, Standard Font
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

We thank Mike Perry for suggesting the idea of testing what code points lack font coverage as a means of fingerprinting, and for guidance during development of the test code; Gunes Acar for extensive conversation on this technique and fingerprinting in general; Georg Koppen for comments on a draft of this paper and on the history of font measurement; Alex Kantchelian for advice regarding information gain measurements; Kamil Jozwiak, Benjamin Smedberg, and John Daggett for help regarding fonts in Firefox; and the tor-assistants mailing list for help testing Tor Browser.

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. University of California, Berkeley, USA
  2. International Computer Science Institute, Berkeley, USA
