Pref to block/fake font-readout?
Is there a preference in about:config to fake or simply block websites from reading the font-list of my operatingsystem? I think it is pretty ridiculous anyways that websites can access this information since it has nothing todo with the webbrowser visiting the site but going beyond to spy on information that i consider private.
Same question goes for audio-readout, is there a pref to fake or block?
Réiteach roghnaithe
There is a preference to restrict the fonts sites can "see". Whether this will make your browser less recognizable or more recognizable is hard to say:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste layout.css.font-visibility and pause while the list is filtered
Firefox should display four preferences:
- layout.css.font-visibility.private
- layout.css.font-visibility.resistFingerprinting
- layout.css.font-visibility.standard
- layout.css.font-visibility.trackingprotection
(3) Double-click each preference to display an editing field, and change the value to whatever you prefer from the options below, then press Enter or click the blue check mark button to save the change:
- 1 => only base system fonts (default with resistFingerprinting)
- 2 => also fonts from optional language packs
- 3 => also user-installed fonts (default except with resistFingerprinting)
Reference: https://searchfox.org/mozilla-release/source/modules/libpref/init/StaticPrefList.yaml#7545
Read this answer in context 👍 3All Replies (20)
update: added screenshot
You could do this https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
However it has a few cons like your timezone is reported to be UTC and your Firefox version User Agent will appear as current ESR version (currently Fx 91 ESR) and not as whatever Firefox version you have.
Athraithe ag James ar
Réiteach Roghnaithe
There is a preference to restrict the fonts sites can "see". Whether this will make your browser less recognizable or more recognizable is hard to say:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste layout.css.font-visibility and pause while the list is filtered
Firefox should display four preferences:
- layout.css.font-visibility.private
- layout.css.font-visibility.resistFingerprinting
- layout.css.font-visibility.standard
- layout.css.font-visibility.trackingprotection
(3) Double-click each preference to display an editing field, and change the value to whatever you prefer from the options below, then press Enter or click the blue check mark button to save the change:
- 1 => only base system fonts (default with resistFingerprinting)
- 2 => also fonts from optional language packs
- 3 => also user-installed fonts (default except with resistFingerprinting)
Reference: https://searchfox.org/mozilla-release/source/modules/libpref/init/StaticPrefList.yaml#7545
Thank you jscher2000 as always very helpful reply! I did set all options to value 1 and tested my browser again, somehow the result is the same as before.
Anyways; Is there a pref to also fake/block audio readout? My audio readout appears to be unique always.
And most important, can i block webgl fingerprint readout or fake it? My webgl fingerprint appears to reveal the most amount of bits for identification so i would like to prefent that.
Firefox_Beginner said
I did set all options to value 1 and tested my browser again, somehow the result is the same as before.
In another thread, you mentioned using privacy.resistFingerprinting, so your test probably was limited to system fonts originally. Having the same result as about 5% of people doesn't seem very distinguishing, so that might be the best you can do.
Is there a pref to also fake/block audio readout? My audio readout appears to be unique always.
I replied to an r/Firefox thread a few weeks about on AudioContext fingerprinting but the poster deleted it so now it's impossible to find. I hate that.
Anyway, it can be bypassed by setting dom.webaudio.enabled => false in about:config, but I don't know what sites actually use that API: https://developer.mozilla.org/docs/Web/API/Web_Audio_API
And most important, can i block webgl fingerprint readout or fake it? My webgl fingerprint appears to reveal the most amount of bits for identification so i would like to prefent that.
I don't know about WebGL, but you probably can find suggestions in a web search.
jscher2000 - Support Volunteer said
Firefox_Beginner said
I did set all options to value 1 and tested my browser again, somehow the result is the same as before.In another thread, you mentioned using privacy.resistFingerprinting, so your test probably was limited to system fonts originally. Having the same result as about 5% of people doesn't seem very distinguishing, so that might be the best you can do.
Is there a pref to also fake/block audio readout? My audio readout appears to be unique always.I replied to an r/Firefox thread a few weeks about on AudioContext fingerprinting but the poster deleted it so now it's impossible to find. I hate that.
Anyway, it can be bypassed by setting dom.webaudio.enabled => false in about:config, but I don't know what sites actually use that API: https://developer.mozilla.org/docs/Web/API/Web_Audio_API
And most important, can i block webgl fingerprint readout or fake it? My webgl fingerprint appears to reveal the most amount of bits for identification so i would like to prefent that.I don't know about WebGL, but you probably can find suggestions in a web search.
Having the same result as about 5% out of all users is the best i can get? Well... that sounds damn horrible. Not blaming you ofcourse, but consdering that this is only one of how many various different types of identification options? That's horrible.
Well if it happens often that thread-starters delete their question and solution that's pretty stupid so i would consider removing the delete option. Also i never did that and never will do.
This is going to sound stupid in your ears but what you mean by which sites use the API regarding lockPref("dom.webaudio.enabled", false); is beyond me.
About WebGL fingerprinting, i ofcourse did a websearch on that but couldn't find what i was looking for - a method to fake or block the fingerprinting. What i found about WebGL in general is; WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser. Obviously this doesn't help much.
Update: added screenshot
The screenshot shows two major issues, if anyone can help me find a solution that would be really nice.
Firefox_Beginner said
Having the same result as about 5% out of all users is the best i can get? Well... that sounds damn horrible. Not blaming you ofcourse, but consdering that this is only one of how many various different types of identification options? That's horrible.
Maybe there's an add-on that can randomize the list so you have a different fingerprint on different visits to a site. Otherwise, it is what it is.
This is going to sound stupid in your ears but what you mean by which sites use the API regarding lockPref("dom.webaudio.enabled", false); is beyond me.
I'm saying that if you set that preference to false and disable the Web Audio API, it will disable using AudioContext for fingerprinting. What I don't know is, what might you miss out on as a result of disabling the Web Audio API?
Firefox_Beginner said
The screenshot shows two major issues, if anyone can help me find a solution that would be really nice.
Those could be caused by resistFingerprinting.
You might be able to resolve the second one by manually creating the general.useragent.override preference (String preference) and assigning Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 as the value. It's worth a test.
Note that this 5% is about the database this website maintains that can only contain data from visitors to this website and that is of course limited and doesn't represent every internet user. Each website that reports your uniqueness has this limitation and only websites that daily get millions of visitors can have a large database, so the newer your browser (user agent) is the more distinct you will be as there likely haven't that many visitors yet with the latest browser version and you may very well be the first visitor.
Obviously the website can only compare my fingerprint to those of their visitors which does not represent the whole internet, still 5% is quiet unique making it most likely for the global % to be also somewhat unique. It is logical that new browser version will be more unique for limited amount of time, however since i use resist fingerprinting and most websites think im on v91 my browser should not be that unique..
Anyways i will get back to my question now, how can i block websites or firefox itself from accessing my systemtime? Is there a pref? I want to change this setting because i am using a VPN mostly when i go online, so when a website sees my IP they will also know the timezone of that IP... at the same time the website will see my systemtime... the problem here is self explaining..
Firefox_Beginner said
Obviously the website can only compare my fingerprint to those of their visitors which does not represent the whole internet, still 5% is quiet unique making it most likely for the global % to be also somewhat unique.
I imagine using Firefox puts you in a smaller group than using Windows 10.
Anyways i will get back to my question now, how can i block websites or firefox itself from accessing my systemtime? Is there a pref? I want to change this setting because i am using a VPN mostly when i go online, so when a website sees my IP they will also know the timezone of that IP... at the same time the website will see my systemtime... the problem here is self explaining..
Maybe there is advice on this on the web, but I think you would need a way to override the values returned by the JavaScript Date object to match your preferred time zone. I don't know how difficult that would be.
I have heard to users running Firefox inside a virtual machine, such as https://www.virtualbox.org/, so they can configure their time zone independently from their actual computer.
Indeed more than half of all devices appears to be mobile and only 40%+ desktop pc. Any around 60% of browsers appear to be chrome based from what i found while firefox is far behind. This only shows me how stupid the masses are. One day the future generations will pay the price for all those millions of people using the same browser and same search engine, feeding it with information every single moment, this won't end well. Anyways.. i have no idea how to override the values returned by the javascript data object, this sounds somewhat advanced for me. Do you know a good forum where i could ask these sort of questions?
I already use vmware, but honestly it's ridiculous using a whole new operating system in a virtual machine just to be able and fake the time and date for browsing the web. Yeah it really is ridiculous.
In my opinion firefox should have a builtin setting / preference to either set timezone or completly disable it.
Even Bromite Browser for Android has a setting to change timezone, how come Firefox doesn't ??
You can suggest features changes on https://connect.mozilla.org/
You can file bug reports on https://bugzilla.mozilla.org/
As if anyone who really cares would read my suggestion there, i hardly doubt it. Honestly. Besides, it's impossible im the first person mentioning this. So it's just ridiculous that firefox doesn't allow to change timezone.
The only time I remember it being mentioned before was in this thread: https://support.mozilla.org/questions/1129218
I don't think most people think of it as a mainstream feature. But achieving parity with other browsers sometimes is a reason to implement something.
From a privacy perspective i simply don't want websites to know my system timezone. If i use a VPN which i do all the time these days, any website i visit will know that the timezone from the IP does not match the timezone of my operatingsystem, so they can basically guess that im using a VPN or even guess my real location based on the operatingsystem's timezone... This sucks badly. You might ask why i care and why im so possessed with privacy, i am not. I have nothing to hide and still i don't want bigtech and governments to have access to my personal information, it simply is none of their bussines period.
The fact is that i hope for all of us we take action before it's to late, because none of us want's to end up like china. Mass surveillance and no human rights, slave labour, torture, corruption, dictatorship, this is hell and it's spreading across the globe...
Being able to change the timezone in firefox SHOULD be a basic setting.
Athraithe ag Firefox_Beginner ar
I have already read the thread you sent (https://support.mozilla.org/de/questions/1129218) before i started this thread.
As I mentioned, this is not the site for "should" issues and suggestions.
jscher2000 - Support Volunteer said
You can suggest features changes on https://connect.mozilla.org/ You can file bug reports on https://bugzilla.mozilla.org/