Font List - BrowserTrace Deep Dive

1. Technical Classification

Font Enumeration JavaScript Client-Side Advanced Fingerprinting

Font enumeration goes beyond counting fonts—it creates a precise list of every font installed on your system. This technique:

Tests Thousands: Checks against comprehensive database of known font names
Creates Unique Signature: Specific combination of fonts is highly distinctive
Reveals Software: Proprietary fonts expose installed applications
Persistent Identifier: Font list rarely changes, enabling long-term tracking

2. Background & Purpose

Font enumeration emerged as an advanced fingerprinting technique when researchers realized that the specific combination of fonts installed on a system is highly unique—often as distinctive as a fingerprint.

How Comprehensive Enumeration Works

Tracker maintains database of 1000+ font names (common and uncommon)
Tests each font using canvas or DOM measurement techniques
Records complete list of detected fonts
Creates hash or signature from font combination
Uses this signature to track user across websites and sessions

Why Font Lists Are So Unique

The combination of installed fonts varies dramatically based on:

Software Installations: Adobe Suite adds 1000+ unique fonts
User Preferences: Downloaded fonts from Google Fonts, DaFont, etc.
Professional Tools: Designers use Font Manager, Suitcase, etc.
Language Support: Asian, Arabic, Hebrew fonts for multilingual users
System Updates: Different OS versions include different font sets
Regional Variants: Localized Windows/Mac versions include region-specific fonts

Research Finding: A 2014 study found that font enumeration alone could uniquely identify 34% of users, and when combined with other attributes, nearly 99% of users were uniquely identifiable.

3. What Font Lists Reveal

Detection Code Example

// Test large font database
const fontDatabase = [
    'Arial', 'Helvetica', 'Times New Roman', ...
    'Adobe Caslon Pro', 'Proxima Nova', ...
    'Hiragino Sans', 'Microsoft YaHei', ...
];

const detectedFonts = [];
for (const font of fontDatabase) {
    if (isFontAvailable(font)) {
        detectedFonts.push(font);
    }
}

// Create fingerprint from combination
const fontFingerprint = hash(detectedFonts.sort().join(','));

Information Leaked by Specific Fonts

Font Name	What It Reveals
Adobe Garamond Pro	Adobe Creative Cloud subscriber (creative professional)
Proxima Nova, Gotham	Professional designer with commercial font licenses
Consolas, Cascadia Code	Software developer (programming fonts)
SimSun, Microsoft YaHei	Chinese language support installed
Arabic Typesetting	Arabic language support or Middle Eastern region
Comic Sans MS	Default Windows installation
SF Pro, San Francisco	macOS system (Apple exclusive fonts)
DejaVu Sans	Linux system

Company-Specific Fonts

Some fonts uniquely identify employees of specific companies:

Corporate Brand Fonts: Custom typefaces used for company branding
Internal Tools: Specialized fonts from proprietary software
Enterprise Software: SAP, Oracle, Microsoft Office fonts

4. Common Uses

Legitimate Uses (Rare)

Font Management Software: Listing installed fonts for organization
Design Applications: Showing available fonts in font picker
Typography Testing: Web font services testing compatibility

Privacy-Invasive Uses (Common)

Precise Fingerprinting: Creating highly unique tracking identifier
Cross-Site Tracking: Following users who block cookies
User Profiling: Identifying profession, software usage, interests
Evading Privacy Controls: Tracking users in private browsing mode
Account Linking: Correlating multiple accounts from same user

5. Platform & Software Detection

Operating System Detection via Fonts

Windows-Exclusive Fonts

Calibri, Cambria, Candara, Consolas, Constantia, Corbel, Segoe UI, MS Gothic

macOS-Exclusive Fonts

San Francisco, SF Pro, Helvetica Neue, Lucida Grande, Marker Felt, Apple Chancery

Linux-Common Fonts

Liberation Sans, DejaVu Sans, Ubuntu, Noto Sans, Droid Sans

Software Detection

Adobe Creative Cloud: 1000+ Adobe Fonts library fonts
Microsoft Office: Calibri, Cambria, Century Gothic
CorelDRAW: Bitstream font collection
AutoCAD: Technical drawing fonts (Romans, Simplex, Complex)
LaTeX/TeX: Computer Modern, Latin Modern fonts

6. Privacy Implications & Tracking Risks

Privacy Risk: VERY HIGH

Font enumeration creates one of the most unique and persistent tracking identifiers available. Your exact font combination is likely unique among millions of users.

Extreme Uniqueness

Statistical Uniqueness

With 1000+ fonts in circulation and each user having 50-500 installed, the number of possible combinations is astronomical. Your specific font set is likely unique or shared by only a handful of users worldwide.

Professional Identification

Presence of professional fonts like Proxima Nova, Gotham, or Adobe Typekit fonts immediately identifies you as a creative professional, potentially enabling price discrimination or targeted attacks.

Software Piracy Detection

Some companies use font enumeration to detect pirated software—if you have Adobe fonts but no Creative Cloud subscription, it suggests unauthorized installation.

Long-Term Tracking

Stable Over Time: Font list rarely changes unless you install/remove software
Cross-Browser: Same fonts detected in Chrome, Firefox, Safari
Cross-Device (partial): Work and home computers may share fonts if you're a professional
Incognito Ineffective: Private browsing shows identical font list

Real-World Privacy Threats

Corporate Espionage

Competitors could identify your employees based on corporate fonts installed on work devices used for personal browsing.

Advertising Networks

Ad networks use font lists to build detailed profiles and track users across the web, even years after first encounter.

De-anonymization

If you post anonymously but later post from the same device without anonymity, font fingerprinting can link your identities.

7. Protection & Countermeasures

Browser-Based Protections

Tor Browser (Most Effective)

Method: Reports standardized minimal font list

Effectiveness: Very High - all Tor users appear identical

Tradeoff: Limited font rendering, some sites display poorly

Firefox with privacy.resistFingerprinting

Method: Restricts font enumeration to system defaults

Enable: about:config → privacy.resistFingerprinting = true

Effectiveness: High - significantly reduces font detection

Brave Browser

Method: Blocks or randomizes font enumeration

Effectiveness: High with strict shields enabled

Browser Extensions

Canvas Blocker (Firefox): Blocks font enumeration attempts
Privacy Badger: Learns and blocks fingerprinting scripts
uBlock Origin: Can block some fingerprinting scripts with advanced filters

Manual Strategies

Minimal Font Installation: Only install fonts you absolutely need
Separate Devices: Use different devices for work (with professional fonts) and personal browsing
Virtual Machines: Use fresh VM for sensitive activities
Portable Fonts: Use fonts within applications rather than system-wide installation

What Doesn't Work

Incognito Mode: Shows same fonts as regular browsing
VPN: Changes IP but not font list
Clearing Cookies/Cache: No effect on font detection
Ad Blockers (most): Don't specifically target font enumeration

Best Protection: Use Tor Browser for anonymous browsing, or Firefox with privacy.resistFingerprinting enabled. Consider using a separate browser profile with minimal fonts for privacy-sensitive activities.

8. Learn More

BrowserLeaks Font Fingerprinting Test See exactly which fonts are detectable on your system EFF Cover Your Tracks Test your browser's fingerprint uniqueness MDN - Canvas Text Measurement Technical details of font detection mechanism Wikipedia - Device Fingerprinting Overview of fingerprinting techniques Firefox Anti-Fingerprinting Features How Firefox protects against font enumeration Brave's Fingerprinting Protection Brave's approach to blocking font enumeration Tor Project Download Tor Browser for maximum protection FingerprintJS (Open Source) See how commercial fingerprinting works

Installed Font List

Your Installed Fonts (First 50)