Font fingerprinting techniques are based on measuring the onscreen dimensions of HTML elements filled with text pieces or single Unicode glyphs. Font rendering in web browsers is affected by many factors, and these measurements may vary slightly.

Fonts Enumeration attack is a brute-force method that tries different fonts from a sizeable font-family dictionary. If the rendered element's size differs from the default values, it means that the substituted font is present in the system. The Unicode Glyphs Measurement does almost the same job. Instead of a text line, it uses single, specifically selected Unicode characters with a large font-size, and uses only default letterforms as a font-family. Fingerprints are formed after hashing the obtained measurement results.


Last updated