Glyphs not spoofed #13

Open
Kraxys opened this issue Sep 2, 2022 · 1 comment

Comments

Kraxys commented Sep 2, 2022

Just realized that this program got several updates in the last months 👍

I installed the last 2.2 version on W10, and tested with a non-customised FF Portable 104.

The app seems to work quite well.

Maybe 2 things you could improve:

  1. The delay between 2 font spoofings varies from 2 mn to 40 mn... Could you make the upper limit adjustable (at least for testing purposes... it's really a pain to have to wait sometimes 40 mn when testing)?

  2. Tests on browserleaks show that the font fingerprint varies, but the unicode glyphs fingerprint always remains the same. Wouldn't there be a way to spoof it too?

Owner

da2x commented Sep 2, 2022

> The delay between 2 font spoofings varies from 2 mn to 40 mn... Could you make the upper limit adjustable (at least for testing purposes... it's really a pain to have to wait sometimes 40 mn when testing)?

No. For testing purposes, you can change the interval and compile a test copy. It’s not a feature anyone will ever use, so it would only add cruft. The number of fonts to generate is set here and the wait interval here.

The randomized interval is a compromise for power saving and doesn’t contribute (much) to the fingerprinting protection. It’s impossible to predict when the next fingerprint will be sampled. Ideally, the app should continuously be spewing out new fonts all the time. But that would be pointless 99.99999999% of the time, waste resources, and decrease the lifetime of your device. So, the program picks a wait interval at random and goes to sleep. The average wait time is 11 minutes on mains power and 21 minutes on battery. (Battery detection doesn’t work on Windows, so you’re always assumed to be on A/C.)

> Tests on browserleaks show that the font fingerprint varies, but the unicode glyphs fingerprint always remains the same. Wouldn't there be a way to spoof it too?

The fonts don’t contain any glyphs at all, so this is the expected result. They just contain the metadata required to be recognized as a valid font with a unique randomized name. That test extracts a few characters from your browser’s default fonts of different styles and fingerprints them. You’d never set a font generated by Fluxfonts to be your default font, so it won’t modify that fingerprint.

The most common fingerprinting method is to iterate the installed fonts by name and fingerprint the resulting list. That’s the only scenario Fluxfonts protects against.
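The difference between the two fingerprints discussed in this thread, as an added illustration that is not code from Fluxfonts or from either commenter. It is a constructed model: the font names, the `gen-` prefix, the glyph box values and every function name are assumptions made for the example.

```javascript
// Added illustration: constructed model, not Fluxfonts code. All names are hypothetical.

// FNV-1a (32-bit), a stand-in for whatever hash a fingerprinting script uses.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h = Math.imul(h ^ text.charCodeAt(i), 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Seeded PRNG (mulberry32) so the generated names are reproducible.
function prng(a) {
  return function () {
    let t = (a += 0x6d2b79f5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed machine: installed font names, the default font per generic
// style, and glyph box sizes as measured when rendering with those defaults.
function makeMachine() {
  return {
    installed: ["Arial", "Calibri", "Segoe UI", "Times New Roman"],
    defaults: { serif: "Times New Roman", "sans-serif": "Arial" },
    glyphBoxes: { "Times New Roman": "12x17,9x17", Arial: "13x18,10x18" },
  };
}

// Model of one spoofing round: install glyph-less fonts with random names.
// They get no glyphBoxes entry and never become a default font.
function addGeneratedFonts(machine, rand, count) {
  for (let i = 0; i < count; i++) {
    machine.installed.push("gen-" + Math.floor(rand() * 2 ** 32).toString(36));
  }
}

// Fingerprint of the enumerated font name list.
function fontListFingerprint(m) {
  return fnv1a([...m.installed].sort().join("\n"));
}

// Fingerprint of glyphs rendered with the default fonts only.
function glyphFingerprint(m) {
  return fnv1a(Object.values(m.defaults).map((f) => m.glyphBoxes[f]).join("|"));
}
```

Calling `addGeneratedFonts` between two readings changes `fontListFingerprint` and leaves `glyphFingerprint` as it was, which matches the browserleaks result reported in the issue.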
