Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve font lists #232

Closed
igor-lemon opened this issue Jul 28, 2023 · 14 comments
Closed

Improve font lists #232

igor-lemon opened this issue Jul 28, 2023 · 14 comments
Assignees
@abrahamjuliot

Comments

@igor-lemon
Copy link
Contributor

Hi. You added these fonts for like Apple platform

const isLikeApple = (
  'Helvetica Neue' in fontMap ||
  'Luminari' in fontMap ||
  'PingFang HK Light' in fontMap ||
  'Futura Bold' in fontMap ||
  'InaiMathi Bold' in fontMap ||
  'Galvji' in fontMap ||
  'Chakra Petch' in fontMap
)

But Futura Bold can exists on Windows too, not only macOS.
https://learn.microsoft.com/en-us/typography/font-list/futura
@abrahamjuliot
Copy link
Owner

This is okay as long as it's not a standard desktop font shipped with Windows 10 or 11 here.

@igor-lemon
Copy link
Contributor Author

igor-lemon commented Jul 28, 2023
edited

This is the wrong approach, because, for example, I did not install any extra fonts but I have Papyrus, Rockwell, Tw Cen MT. You will not find these fonts in the lists for the Windows version but will find them in the common fonts list.
It's strange that you don't want to fix this bug.

@abrahamjuliot abrahamjuliot reopened this Jul 28, 2023
@abrahamjuliot abrahamjuliot self-assigned this Jul 28, 2023
@abrahamjuliot abrahamjuliot added the unexpected unexpected behavior in browsers label Jul 28, 2023
@abrahamjuliot abrahamjuliot changed the title Wrong isLikeApple fonts Improve font lists Jul 28, 2023
@abrahamjuliot abrahamjuliot added the help wanted Extra attention is needed label Jul 28, 2023
@abrahamjuliot
Copy link
Owner

abrahamjuliot commented Jul 29, 2023
edited

update

I appreciate your interest in the code.

Futura Bold on Windows is classified as trash because it is a very rare font (0.0024643283% of Windows users) that makes the browser fingerprint unique and identifiable. The trash feature detects such uncommon features that can compromise privacy. More details are available in the documentation.

The font lists are based on data and reflect the most common and typical font configurations. Including every rare font in the list would make the trash feature less effective. Therefore, a data-driven approach is used to determine which fonts are trash and which are not.

This is how CreepJS works, and it is not a bug. The feedback is appreciated, but there is no issue with the code or the logic behind it. The issue is closed, but it can be re-opened, and code changes can be suggested if there is a better idea on how to handle rare fonts. Thank you for using CreepJS. 😊

@abrahamjuliot abrahamjuliot removed help wanted Extra attention is needed unexpected unexpected behavior in browsers labels Jul 29, 2023
@igor-lemon
Copy link
Contributor Author

It's a strange approach because Windows can have this font, albeit rarely. It's strange to consider it garbage and yet define the system as macOS. Especially when there are many other fonts that are unique to macOS. I would just replace this font with something that 100% doesn't exist on Windows.

@ttttmr
Copy link

ttttmr commented Jul 29, 2023

A small suggestion, maybe changing to the font scoring method can improve this problem, for example, if there are more than 3 default fonts, it will be marked as the corresponding operating system

@abrahamjuliot
Copy link
Owner

The suggestions are good to consider. However, there is no font that is only available on Windows or macOS. The closest thing is the System UI CSS font, which can change depending on the operating system, but that is a different aspect of fingerprinting.

The current focus is on the data from CreepJS, which shows a wide range of font combinations between macOS and Windows users. In every case, these combinations are rare and affect less than 1% of users.

Changing fonts can have a significant impact on the fingerprinting training process. Therefore, it is important to evaluate the pros and cons of such changes and prioritize the most common scenarios over the edge cases.

@abrahamjuliot
Copy link
Owner

...define the system as macOS

At some point, we may change the label to like macOS or like Windows as discussed below. But it's not critical.

@Thorin-Oakenpants
Copy link

Thorin-Oakenpants commented Jul 31, 2023
edited

However, there is no font that is only available on Windows or macOS

not really .... say hello to my little friends .... can I introduce you to MS Shell Dlg, MS Shell Dlg 2 (aka MS Shell Dlg \\32) ... -apple-system. Now, it's feasible that an OS/browser can subtitute/alias those, but super highly unlikely

I have been looking into FontSubtitutes in windows. We also have the same thing in linux when fonts like Courier, Arial, Times New Roman are aliased, and mac does something similar which I am looking at next

detection of a change in measurements vs the control (base font) does not mean you have the font, it means the browser changed the font used (as per OS, browser settings) - and that size is in itself the entropy - e.g. a japanese windows install maps MS Shell Dlg differently to all other window installs. A Japanese system local adds unique aliases. An arabic system locale does the same.

edit

@igor-lemon
Copy link
Contributor Author

igor-lemon commented Jul 31, 2023
edited

...define the system as macOS

At some point, we may change the label to like macOS or like Windows as discussed below. But it's not critical.

I don't know, but you say that my fonts are suspicious, but it's not true.
image

The problem is that you took a font that can be on both OS, even though there are many unique ones that are only for macOS and only for Windows. Futura Bold can be on both operating systems. And I want to make the point that it's weird to define a system by that font.

@abrahamjuliot
Copy link
Owner

MS Shell Dlg, MS Shell Dlg 2

Nice. I need to take a closer look at this.

@igor-lemon I will reconsider this and keep you posted on changes.

@igor-lemon
Copy link
Contributor Author

@abrahamjuliot If you need I can give you some macOS-only fonts since 10.14

@Thorin-Oakenpants
Copy link

Nice. I need to take a closer look at this

Aww come on :) Don't you remember marveling at my sheer genius when I sped up font enumeration by doing a single pass on windows/mac (by comparing to to base font MS Shell Dlg \\32 on windows and -apple-system on mac) instead of three passes (base fonts as monospace, sans-serif, serif) - and for three passes, I bailed if already found (most fonts if used will be detected against the first base font)

And this was further sped up by limiting the characters used in the font string - arkenfox/TZP#216

@abrahamjuliot
Copy link
Owner

I'm way behind on trying that out. I might drop the use of Font Face API at some point. It's easily spoofed and unreliable.

@Thorin-Oakenpants
Copy link

I don't bother, since it seems to be blocked in TB and the results would be duplicitous IIUIC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abrahamjuliot abrahamjuliot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@abrahamjuliot @igor-lemon @Thorin-Oakenpants @ttttmr