Firefox logo

Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts.

The user privacy protection system was borrowed from the Tor Browser, where a similar mechanism blocks websites from identifying users based on the fonts installed on their computers.

The feature has been active in the Tor Browser for some time and will become active in the stable branch of Firefox 52, scheduled for release on March 7, 2017.

The font fingerprinting protection is already active in Firefox 52 Beta.

Firefox 52 to use a system font whitelist

This new feature works just like in the Tor Browser, meaning Firefox 52 will use a whitelist of system fonts for each operating system.

Firefox won't block queries for system fonts but it will answer in the same way for every user, with a standard list of fonts installed by default on each OS. This whitelist makes the font fingerprinting technique irrelevant for Firefox users.

The practice of font fingerprinting relies on website operators deploying Flash or JS scripts that query the user's browser for a list of locally installed fonts.

In the vast majority of cases, it's advertising companies that employ these fingerprinting techniques via hidden scripts delivered with ads.

Advertisers take the list of local fonts, and together with other user details, they create a unique fingerprint (ID) for each user. This ID is then used to deliver targeted ads and track users across the web.

Feature part of Mozilla's Tor Uplift project

While sabotaging system font queries won't stop user fingerprinting as a whole, this is just one of the latest privacy-related updates Mozilla has added to Firefox.

Back in July 2016, Mozilla engineers started the Tor Uplift project, which aims to improve Firefox's privacy features with the ones present in the Tor Browser.

A month later, with the release of Firefox 48, Mozilla took its first step in this direction by blocking a list of URLs known to host fingerprinting scripts.