These are the visual aids I used to deliver a talk on font metric–based fingerprinting on January 26, 2015 at Financial Cryptography and Data Security 2015.

For the full paper see: https://www.bamsoftware.com/papers/fontfp.pdf.

Fingerprinting
web users through
font metrics

University of
California, BerkeleyDavid Fifield, University of
California, Berkeley
International Computer
Science InstituteSerge Egelman

Device fingerprinting?

Tracking you after you delete your cookies.

Tracking you after you change your IP address.

Uses measurements such as the User-Agent string, screen size, time zone, fonts, browser plugins—even things like CPU architecture and graphics card.

Try these:
https://panopticlick.eff.org/
https://amiunique.org/

Mainstream browsers don’t defend against even well-known attacks.

A device fingerprinting attack based on measuring the dimensions of Unicode glyphs that is The idea:
Æ Æ Æ Æ Æ Æ
default serif sans-serif monospace cursive fantasy
(CSS generic font families)

Related: font probing
test reference
text text 














































































Effectiveness



1,016 Mechanical Turk users.

(Max. possible entropy = 9.99 bits.)




User-Agent gives 5.15 bits; 175 distinct; 11% unique.




Font metric fingerprinting gives 7.60 bits; 444 distinct; 34% unique.




User-Agent plus font metrics gives 8.06 bits; 531 distinct; 43% unique.








Entropy












Where does the variation come from?


    

  1. Unicode is big and complex.
    2. 

  2. Text rendering is subtle and complex.
    3. 

  3. Fonts vary across systems.
    4. 








Unicode is big




















U+2603






http://unicodesnowmanforyou.com/


http://☃.net/


















U+2603
U+26C4
U+26C7






What else?




bi-directional
noncharacters




combining characters
unassigned code points




private use













Code point selection



125,776 code points, whittled down to 43.















U+20B9INDIAN RUPEE SIGN


U+2581LOWER ONE EIGHTH BLOCK


U+20BATURKISH LIRA SIGN


U+A73DLATIN SMALL LETTER AY


U+FFFDREPLACEMENT CHARACTER


U+20B8TENGE SIGN


U+05C6HEBREW PUNCTUATION NUN HAFUKHA


U+1E9ELATIN CAPITAL LETTER SHARP S


U+097FDEVANAGARI LETTER BBA


U+F003Private Use Area


U+1CDAVEDIC TONE DOUBLE SVARITA


U+17DDKHMER SIGN ATTHACAN


U+23AEINTEGRAL EXTENSION


U+0D02MALAYALAM SIGN ANUSVARA


U+0B82TAMIL SIGN ANUSVARA


U+115AHANGUL CHOSEONG KIYEOK-TIKEUT


U+2425SYMBOL FOR DELETE FORM TWO


U+302EHANGUL SINGLE DOT TONE MARK


U+A830NORTH INDIC FRACTION ONE QUARTER


U+2B06UPWARDS BLACK ARROW


U+21E4LEFTWARDS ARROW TO BAR








U+20BDRUBLE SIGN


U+2C7BLATIN LETTER SMALL CAPITAL TURNED E


U+20B0GERMAN PENNY SIGN


U+FBEEARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM


U+F810Private Use Area


U+FFFFSpecials


U+007FDELETE


U+10A0GEORGIAN CAPITAL LETTER AN


U+1D790MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA


U+0700SYRIAC END OF PARAGRAPH


U+1950TAI LE LETTER KA


U+3095HIRAGANA LETTER SMALL KA


U+532DCJK Unified Ideographs


U+061CARABIC LETTER MARK


U+20E3COMBINING ENCLOSING KEYCAP


U+FFF9INTERLINEAR ANNOTATION ANCHOR


U+0218LATIN CAPITAL LETTER S WITH COMMA BELOW


U+058FARMENIAN DRAM SIGN


U+08E4ARABIC CURLY FATHA


U+09B3Bengali


U+1C50OL CHIKI DIGIT ZERO


U+2619REVERSED ROTATED FLORAL HEART BULLET














Text rendering is complex



complex text layout

+‌ু++‌া++‌ী = রুপালী











hinting/antialiasing







hardware rendering




Firefox about:support on Windows














“The raster tragedy at low resolution”

Beat Stamm, Microsoft Typography (orig. 1997)
















https://www.microsoft.com/typography/tools/trtalr.aspx

http://www.rastertragedy.com/













Fonts vary across systems






sans-serifsans-serif









VerdanaVerdana















Defense



Ship standard fonts with the browser, and use no fonts but those
(i.e., don’t snarf random system fonts).




Normalize rendering settings (hinting, antialiasing, etc.) as much as possible.




Requires sensitivity to the needs of many writing systems.




Work in progress at
https://bugs.torproject.org/13313.














In the same Mechanical Turk experiment, we simulated the defense of using only
browser-supplied fonts (by using standardized webfonts).
The entropy due to font metrics dropped from 7.60 bits
to 4.96 bits, lower than User-Agent.









Device fingerprinting is not insurmountable—but it’s a question of tradeoffs.
(Recall CSS history sniffing.)




Fingerprinters have to work harder for worse results—that’s good!






fifield@eecs.berkeley.edu




git clone https://repo.eecs.berkeley.edu/git-anon/users/fifield/fontfp.git




https://www.bamsoftware.com/papers/fontfp.pdf




😁