this post was submitted on 09 Nov 2023
536 points (95.7% liked)

Technology

35126 readers
130 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

The way they talk about it makes it sound like they invented the written word, but that notwithstanding the fonts actually look really nice in my opinion.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 1 year ago (3 children)

I like Hack as my font of choice, but I will probably give this a shot. It's a font, there is no risk of data collection, Microsoft style bugs, or other Microsoft-associated product issues.

[–] [email protected] 38 points 1 year ago (2 children)

It's a font, there is no risk of data collection...

TeamViewer checks for a font their app installs when visiting their website to fingerprint you.

https://www.ctrl.blog/entry/teamviewer-font-privacy.html

[–] [email protected] 15 points 1 year ago (3 children)

In my web browser I personally use uBlock Origin to just block all remote fonts and browse with a JS disabled by default policy. It's an annoying but necessary compromise, in my opinion.

Also, in Firefox v118 a new feature was introduced to curtail the font fingerprint route as well: "The visibility of fonts to websites has been restricted to system fonts and language pack fonts to mitigate font fingerprinting in Private Browsing windows."

I'm sure you know this, but for anyone else scrolling through the comments it is actually ridiculous how much data websites can query and receive to fingerprint users from the web browser. Just look at https://amiunique.org -- "WHY IS THIS ALLOWED?" is the question I have asked for many years now.

[–] [email protected] 6 points 1 year ago (1 children)

"WHY IS THIS ALLOWED?" is the question I have asked for many years now.

Because people want to have features in their web browsers and originally no one really designed the web with security in mind.

[–] [email protected] 4 points 1 year ago

Some of it is incredibly difficult to imagine how to do in a private way, too.

For example, my browser can display AVIF images. If my browser announces in the Accept "hey, I'm able to display AVIF images. Please send me AVIF images if you have them rather than JPEG", that helps to identify me, since most browser don't display AVIF, which sucks. But I really want to get AVIF images: they're efficient. So how do I announce that I want AVIF images without announcing that I want AVIF images?

Some of the other web features were well-intentioned but have just ended up being useless. Like your browser also announces what language you prefer. Like "hey if you a German version of this text, please send it to me in German, thanks". But for some reason EVERY WEBSITE IGNORES THIS and just says "oh you speak Spanish and English but you're travelling in Russian right now? HOPE YOU LIKE READING RUSSIAN FUCKER". So it's 100% only used for invading privacy now.

Some of the tracking mechanisms never should have been allowed in the first place (like timezone and which fonts I have installed), but some of them (like Accept) I can't think of how to do in a secure way.

[–] [email protected] 2 points 1 year ago

That is insane the amount of info given. I had no idea. Thanks for the website

[–] [email protected] 1 points 1 year ago (1 children)

Fuck me sideways.

Also, I'd remove battery charge metric from the fingerprint. Since it changes over time, I wouldn't really consider it a good or even usable metric.

[–] [email protected] 1 points 1 year ago (1 children)

Could be used in combination with other metrics to identify a specific user's movements through a site over time, if the other metrics aren't unique enough.

[–] [email protected] 1 points 1 year ago

Possibly, but when you have time as a realiable metric already, you dont need another metric that ticks down at an unknown and inconsistent speed, and goes up once in a while. Hell, I keep my laptop plugged 99% of the time.

[–] [email protected] 9 points 1 year ago

I used Dejavu Sans for like 10 years, and Hack is the perfect incremental improvement. I've tried to use other fonts but I keep coming back to Hack.

[–] [email protected] 2 points 1 year ago (1 children)

https://security.stackexchange.com/questions/91347/how-can-a-font-be-used-for-privilege-escalation

Not a serious rebuttal. But yes, MS has found a way for Windows to be vulnerable to attacks using fonts.