New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The fonts component gives different results #366
Comments
To disable both the flash and the javascript font detection use the options: |
What's your FF version, OS, and can you reproduce this? |
@SleepProgger I tried and it worked, thanks! |
@jonashaag I will give you a detailed description next Monday,the laptop now is in my company. I have another question, is it well supported for Iphone, Safari? Here is my config: |
@jonashaag My FF version is 61.0.2(64bit) and the os is win7(64bit) . But i am confused about this problem, because i tried another PC with the same version of FF and OS,and the problem just disappeared. |
Yeah font detection isn't 100% deterministic and reliable. If you can reproduce this that'd be great so we can improve the detection. |
I can confirm I'm getting the same results in Firefox. Simply opening a new tab and visiting https://valve.github.io/fingerprintjs2/, I sometimes get the same signature, but often get different ones. When comparing the data, the fonts (or perhaps the order of the fonts?) appears to be the issue - each time the hash changes it's the js_fonts that differ. For example: https://screenshots.firefox.com/ByUmH0vQMXyyxntC/valve.github.io Same browser (Firefox 62.0.3 64bit) - just opening the test page on different tabs On Chrome I do not see this issue at all; it may be worthwhile to disable js_fonts at least in the case of Firefox. Haven't tested on other browsers / OS's. |
@Magiweb can you please try master version |
Or even better this jsfiddle and paste the results https://jsfiddle.net/L2gLq4rg/ |
I noticed a similar(?) issue with Google Chrome (Version 69.0.3497.81) and Fingerprint2 v2.0.0. When I hard reload the browser (or clear browser cache), I always get 47 fonts. |
@jonashaag that jsfiddle returns an error in the console: https://screencast.com/t/7TzPi3oezo I see it's running https://rawgit.com/Valve/fingerprintjs2/master/fingerprint2.js, so I guess that's the equivalent of me running a local test from master branch, but if you like I can set that up. Let me know. |
@Magiweb try https://valve.github.io/fingerprintjs2/ |
@GrosSacASac yep I did that and pointed that out in my original comment: https://screencast.com/t/e939xgjO8dIs |
It might be a good idea to disable fonts by default, now that most UA start to implement fuzzy anti fingerprinting features |
@GrosSacASac yep agree - Safari's also making it harder to identify fonts etc. (making them less "unique" by standardising the response to default fonts found on any browser). Which is why I suggested in my comment that it's probably best to not use fonts for the hash. |
Yes and hashing everything by default is also being deprecated, I think calculating a proximity score is a better approach. |
Totally agree! Also adding "weight" to specific measurements could be useful so one metric may contribute more heavily than another to the overall score. Is that something that's in the works for fingerprintjs? |
That is something I am thinking about, but it is a huge task, which requires a lot of thoughts and manual testing |
Javascript isn't my strongest code language, but can scratch around and done a fair amount of work with statistics etc. so if I can be helpful let me know. |
@Magiweb @GrosSacASac few comments from a maintainer's POV:
|
As far as anti-fingerprinting protection I'm not too worried at this point. Most browsers are in the planning stage, maybe have a few protections implemented, but overall the browser market is far from being fingerprint proof. This will take months, if not years, to change. |
@jonashaag if you want to discuss / elaborate on this maybe we should create a separate topic so this topic remains relevant to the subject? For example, booting 100's of OS's isn't hard outside of licensing issues, particularly with Mac. The problem is how to automatically drive them inside of their UI environment since we can't use headless browsers (for obvious reasons). Also, such an infrastructure would definitely incur cost. But I'm pretty strong on the cloud / SysOps side so that's definitely something we can discuss further and try to iron out. |
Yes please |
Is it reproducible in v3? |
I can reproduce it with v2 in Firefox 62 on Windows 7 and Windows 10 on Browserstack. Meanwhile the bug isn't presented on the v3 demo page. Version 2 is outdated, please update to v3. I can't reproduce it with v2 in Firefox 82 on Windows 10. The difference between the fingerprints is that |
hi, i test firefox fp on the demo website(https://valve.github.io/fingerprintjs2/), when i first get the fp, the value is "c47be56e91cdb14ae31367c66851e4f3", then i open another tab, the value changed to "9af57a294ebb17e521c91c8a8a61fa4c", i compared component and found some difference on the component of "js_fonts", the former was "js_fonts = Arial,Arial Black,Arial Narrow,Arial Rounded MT Bold,Arial Unicode MS,Book Antiqua,Bookman Old Style", and the latter was "js_fonts = Arial,Arial Rounded MT Bold,Arial Unicode MS,Book Antiqua,Bookman Old Style,Calibri,Cambria,Cambria ", i want to know how to exclude font detection completely? I tried "extendedJsFonts: true" but it did not worked. This just happened on firefox , other browser worked fine.
The text was updated successfully, but these errors were encountered: