430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Firefox 52 more privacy oriented with a Tor protection mechanism

Mozilla development team announced a new privacy protection mechanism that will come with Firefox 52, it aims to prevent websites from fingerprinting users. Mozilla announced the introduction of a new privacy protection mechanism to Firefox 52 that prevents websites from fingerprinting through system fonts. The technique is widely adopted by advertising companies via hidden scripts delivered with […]

Mozilla Firefox

Mozilla development team announced a new privacy protection mechanism that will come with Firefox 52, it aims to prevent websites from fingerprinting users.

Mozilla announced the introduction of a new privacy protection mechanism to Firefox 52 that prevents websites from fingerprinting through system fonts.

The technique is widely adopted by advertising companies via hidden scripts delivered with ads that take the list of local fonts and along with other data create a unique fingerprint (ID) for each user.

The companies aim in this was to deliver targeted ads and track users across the web.

The experts at Mozilla have implemented a feature to only expose whitelisted system fonts to avoid fontlist fingerprinting. The new feature will be included in the stable branch of Firefox 52, scheduled for release on March 7, 2017.

Firefox 52

The user privacy protection mechanism was already implemented by Mozilla in the Tor Browser, it was developed to block websites from identifying visitors based on the fonts installed on their machines.

The font fingerprinting protection is already available in Firefox 52 Beta.

“Defending against font fingerprinting is complex. We have to worry about distinguishing attacks via differing installed font sets, text rendering engine differences, and font variants. There are a variety of tickets involved.” states the Tor Development Team.

“In #13313, we introduced a Tor Browser pref, “font.system.whitelist”, which accepts a list of fonts and excludes all others from the browser.”

How does the feature work? 

The feature leverages a whitelist of system fonts for each operating system, the browser will not block queries for system fonts but it will provide the same answer for every user making impossible to discriminate them.

The practice of font fingerprinting relies on website operators deploying Flash or JS scripts that query the user’s browser for a list of locally installed fonts.

The news confirms the intention of Mozilla to protect users’ privacy, in July the development team launched the Tor Uplift project, a significant effort in improving privacy features implemented in FireFox.

“To uplift all of the Tor Browser patches to mainline Firefox. The general approach is to add preferences for anything that breaks the web and set them to default “off” so that the behavior of default Firefox does not change. All bugs are tagged with [tor]. The Tor Browser design document is here.” states the description of the project.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Firefox 52, privacy)