The way they talk about it makes it sound like they invented the written word, but that notwithstanding the fonts actually look really nice in my opinion.

  • GnuLinuxDude@lemmy.mlOP
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    In my web browser I personally use uBlock Origin to just block all remote fonts and browse with a JS disabled by default policy. It’s an annoying but necessary compromise, in my opinion.

    Also, in Firefox v118 a new feature was introduced to curtail the font fingerprint route as well: “The visibility of fonts to websites has been restricted to system fonts and language pack fonts to mitigate font fingerprinting in Private Browsing windows.”

    I’m sure you know this, but for anyone else scrolling through the comments it is actually ridiculous how much data websites can query and receive to fingerprint users from the web browser. Just look at https://amiunique.org – “WHY IS THIS ALLOWED?” is the question I have asked for many years now.

    • Amju Wolf@pawb.social
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      “WHY IS THIS ALLOWED?” is the question I have asked for many years now.

      Because people want to have features in their web browsers and originally no one really designed the web with security in mind.

      • duncesplayed
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Some of it is incredibly difficult to imagine how to do in a private way, too.

        For example, my browser can display AVIF images. If my browser announces in the Accept “hey, I’m able to display AVIF images. Please send me AVIF images if you have them rather than JPEG”, that helps to identify me, since most browser don’t display AVIF, which sucks. But I really want to get AVIF images: they’re efficient. So how do I announce that I want AVIF images without announcing that I want AVIF images?

        Some of the other web features were well-intentioned but have just ended up being useless. Like your browser also announces what language you prefer. Like “hey if you a German version of this text, please send it to me in German, thanks”. But for some reason EVERY WEBSITE IGNORES THIS and just says “oh you speak Spanish and English but you’re travelling in Russian right now? HOPE YOU LIKE READING RUSSIAN FUCKER”. So it’s 100% only used for invading privacy now.

        Some of the tracking mechanisms never should have been allowed in the first place (like timezone and which fonts I have installed), but some of them (like Accept) I can’t think of how to do in a secure way.

    • derpgon@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Fuck me sideways.

      Also, I’d remove battery charge metric from the fingerprint. Since it changes over time, I wouldn’t really consider it a good or even usable metric.

      • wizardbeard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Could be used in combination with other metrics to identify a specific user’s movements through a site over time, if the other metrics aren’t unique enough.

        • derpgon@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Possibly, but when you have time as a realiable metric already, you dont need another metric that ticks down at an unknown and inconsistent speed, and goes up once in a while. Hell, I keep my laptop plugged 99% of the time.