Mozilla is making its latest build of Firefox more secure by stopping browser fingerprinting via system fonts. With the latest scheduled stable release of Firefox 52, the browser will come with a font whitelist. This will mean it can prevent fingerprinting via operating system fonts.
Firefox 52 is still in development, but researchers are working with the whitelist ahead of the update on March 7, 2017. System fonts can be exposed so that user information is release, such as browsing habits and location.
This is not a new tactic for internet tracking. Browser fingerprinting often relies on a mistake by the user to get access to information. However, a system exposing browser habits through the font is more problematical. Firefox deals with this by whitelisting fonts that are safe to be used.
If a request is sent by a website, the browser would prevent it from accessing much information about the underlying OS. In the past this information would have been given whether the font was safe or not. The whitelist allows Firefox 52 to manage which fonts can be exposed and which cannot.
Firefox 52 is the latest version of Mozilla’s web browser. It is based on the Gecko 52 engine and will be launched in March. Nightly build of the browser are currently available on the Developer Edition channel.
Borrowing from Tor
It is worth noting that this type of font whitelist is similar to an implementation in Tor. The Tor software prevents browser tracking, but it too was once exposed via fonts. However, the company shored up the service in 2015 to prevent font fingerprinting.
Mozilla and Tor have a good relationship and the former has implemented a number of Tor features into Firefox. In return, Tor has used Firefox Extended Support Release builds in the Tor Browser Bundle.