The way they talk about it makes it sound like they invented the written word, but that notwithstanding the fonts actually look really nice in my opinion.
I like Hack as my font of choice, but I will probably give this a shot. It’s a font, there is no risk of data collection, Microsoft style bugs, or other Microsoft-associated product issues.
It’s a font, there is no risk of data collection…
TeamViewer checks for a font their app installs when visiting their website to fingerprint you.
In my web browser I personally use uBlock Origin to just block all remote fonts and browse with a JS disabled by default policy. It’s an annoying but necessary compromise, in my opinion.
Also, in Firefox v118 a new feature was introduced to curtail the font fingerprint route as well: “The visibility of fonts to websites has been restricted to system fonts and language pack fonts to mitigate font fingerprinting in Private Browsing windows.”
I’m sure you know this, but for anyone else scrolling through the comments it is actually ridiculous how much data websites can query and receive to fingerprint users from the web browser. Just look at https://amiunique.org – “WHY IS THIS ALLOWED?” is the question I have asked for many years now.
Fuck me sideways.
Also, I’d remove battery charge metric from the fingerprint. Since it changes over time, I wouldn’t really consider it a good or even usable metric.
“WHY IS THIS ALLOWED?” is the question I have asked for many years now.
Because people want to have features in their web browsers and originally no one really designed the web with security in mind.
https://security.stackexchange.com/questions/91347/how-can-a-font-be-used-for-privilege-escalation
Not a serious rebuttal. But yes, MS has found a way for Windows to be vulnerable to attacks using fonts.
I meant to link the CVE sorry. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402