Discussion regarding new privacy update of language/font stuff

Should the new feature have user font randomization? As far as I know, practically 99.9% of users do not intsall custom font on their device.

Integration with Shields

In both default and aggressive configurations, Brave will allow websites to access all Web fonts, OS fonts for your current top language preference, and a randomly selected (i.e. farbled) set of user fonts. As with all of Brave’s fingerprint randomization protections, the set of user fonts the page can access is randomly determined for each site and for each browser session; a site will always be able to access the same fonts during the same browser session.

The thought came from when a user noted it in a reddit discussion about the topic. See his second comment in the thread. (Avoid his debate in the first comment, but only see his second comment)

@pes

(@289wk what do you think?)

I’m not sure I understand the claim being made. Web sites generally do not assume the presence of users fonts (since most users wont have any particular fonts), so I do not expect any “added inconvenience” when browsing the Web. Far and away the most common use for querying for non-standard fonts is fingerprinting.

What is the inconvenience folks are worried about?

Should the new feature have user font randomization? As far as I know, practically 99.9% of users do not install custom font on their device.

  1. This is exactly what makes these fonts so identifying when they are present
  2. More users have these present than you’d expect, since many applications install additional fonts as well, unknown to users.

So to protect 0.01% brave browser users, should 99.99% users send extra data (randomized) to servers/websites?

I guess it seems reasonable (to some extent)(but can’t say for sure).

As you are in the conversation, I wanted to point something out…

https://teddit.net/r/BATProject/comments/u0jc7s/sushiswap_engineer_on_brave/

https://nitter.kavin.rocks/MatthewLilley/status/1513162900915081222

https://chromium.googlesource.com/chromium/src/+/main/docs/idn.md

The recent tags says ’ Important backlog (do these first!)’, so it might be still pending. Considering Brave is also a ‘crypto browser’ it may be important to fastrack it)

That part, written by Brave Software, raises a question regarding the mechanism by which “Brave will allow websites.”

The writing suggests that Brave will allow a website elevated access to an area on your computer, that is outside the boundaries wherein Brave Browser itself, resides and has access.

Immediately following that, is another sentence that sends a mixed message, because of the following part:

“As with all of Brave’s fingerprint randomization protections, the set of user fonts the page can access . . .”

One moment, websites have access; and the next moment, “the page” has access.

That begs some questions:

Are there different mechanisms of such access? Are the mechanisms, elevated access?

What is meant by, “the page?”

All browsers allow access to browser fonts, system fonts, user fonts to website servers, as I understand it.

It is perfectly normal.

They also allow access to langauge preference, timezone etc. That is also perfectly normal.

Brave is not doing something sketchy or out of the box by allowing access to fonts.

So to protect 0.01% brave browser users…

Again, I do not think this is correct. I expect it to be closer to 10% or 25%. This is slightly out of date at this point, but this 2015 paper found ~34% of measured users to have uniquely identifying fonts. I’m familiar with several other papers in the area

coveryourtracks.com (EFF’s project) finds that there are ~17 bits of identification based on the diversity of user fonts too

users send extra data (randomized) to servers/websites?

Just to clarify, Brave is exposing (not sending) strictly less information with pages with this change. By default Chromium allows sites to access all user fonts on a device. With this change Brave, Brave now allows sites to learn of a random (and changing) subset of user fonts.

All browsers allow access to browser fonts, system fonts, user fonts to website servers, as I understand it.

Currently, of the major browsers, only Safari and Tor Browser prevent pages from learning about user fonts. After this change Brave will also prevent users from being fingerprinted based on user fonts (though in a different technique, one we think provides stronger protections against fingerprinting based identification)

2 Likes

Thank you for your time.

The same research paper is also cited by Wikipedia, https://en.wikipedia.org/wiki/Device_fingerprint#cite_note-Fifield2015-47.
https://doi.org/10.1007%2F978-3-662-47854-7_7
https://sci-hub.se/10.1007/978-3-662-47854-7_7

Personally, I thought that users will not install custom user fonts on their devices and the number will be around 99%. Most users I presume do not know what fonts even are. I think, various applications on the device later on may install fonts (user fonts) on their own without the consent of the user, thus increasing the percentage above 10%.
The same is said in the brave blog post:-

  • User Fonts : Additional fonts installed by the user, either directly (downloading and installing a font from a website) or indirectly (because other software on your computer has installed fonts, e.g. office suites, presentation editing tools, or image editing software). These are most useful for fingerprinting.

If the percentages are correct, (reference to 10-25, 34%) then I would say it is reasonable to randomize the user font data.

I have participated in the beta testing of this feature on the nightly/beta channel. Will report if I find anything.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.