Font fingerprinting – is what fonts you have, and how they are drawn. Based on measuring dimensions of the filled with text HTML elements, it is possible to build an identifier that can be used to track the same browser over time.
Font metric-based fingerprinting is tightly crossed with the canvas fingerprinting. It is probably weaker fingerprinting technique, since canvas gets not only bounding boxes but also pixel data. On the other hand font fingerprinting is much more difficult to defend.
«Text rendering is a subtle and complex part of a web browser. Even in the Latin alphabet, layout is more than simply stacking boxes together: considerations such as ligatures, kerning, and combining characters come into play. Some other writing systems are even more complex, causing browsers to rely on OS-provided libraries for text layout. These libraries, including Pango on GNU/Linux, Graphics Device Interface (GDI) or DirectWrite on Windows, and Core Text on Mac OS X, are independent code bases and do not behave identically. Browsers additionally impose their own customizations atop the base text rendering.»
Here are a few demos of the font fingerprinting:
JS Fonts (unicode) – produced by measuring the bounding boxes of a certain Unicode code points, based on the above study.
JS Fonts (classic) – uses CSS fallback mechanism to compare prepared font list against generic font families.
Flash Fonts – is the most primitive, Flash has a method that simply returns an array of available system fonts.
JS Fonts (unicode)
|Report||?Unicode Glyphs Measurement|
JS Fonts (classic)