Fluxfonts – font fingerprint cloaking

Fluxfonts is a specialized tool that attempts to tackle the privacy concerns raised by the possibility to collect information about the fonts installed on a system. Such information can be used to uniquely identify a system. With Fluxfonts, new fonts are randomly created and removed to prevent the same fingerprint from being recreated.

Font fingerprinting is a technique which is difficult and usually inconvenient for users to circumvent by other means. Fluxfonts is fully automated and runs in the background. By effectively always having a new unique fingerprint, it should prevent a system from being (re‐)identified between applications and web sites/‐browsers.


Fluxfonts version 1.1 (2013‐01‐11)

  • Ubuntu PPA (or DEB) sudo add-apt-repository ppa:aeyoun/fluxfontd
    sudo apt-get update
    sudo apt-get install fluxfonts
  • Mac OS 10.8+ installer Direct download or via filesharing.
    34 KiB, MD5: fe3b5a7d5ab56bfd9befc87e8038c099
  • Source code Direct download, via filesharing, or on GitHub.
    19 KiB, MD5: f1da35e6c7c034cf32324976ed1eb0e5

About fingerprinting

Device fingerprinting is a technique where various small bits of information is collected from a computer and combined into a uniquely identifying set of information. With enough information, this fingerprint can be considered globally unique. A study by the Electronic Frontier Foundation (EFF) concludes that it should be possible to create a globally unique fingerprint from the information exposed by a web browser.

With a globally unique fingerprint, the same computer—and thus it’s user—can be reidentified across different contexts that would otherwise not be able to share information between them. Contexts such as different web advertisement networks, social networking sites, and a locally running program’s online systems. Being able to globally identify—and even reidentify at a later time—a user raises serious privacy concerns.

Computers especially are with time configured with subtle differences that make them unique. In the context of web browsers, this information can include: User‐Agent string (the browser make and version), the plug‐ins and fonts installed on the system, browser settings such as privacy and language options (as exposed in requests), IP address, and more.

The EFF has a online tool that exposes some of the information that can be collected by a web site through the standard features of a web browser. Another alternative is BrowserLeaks’ fonts tester. These tools can be used to observe the effect of the Fluxfonts program.