render hundreds of font names · time the layout · installed fonts give themselves away without canvas measurement · runs locally
how it works
when the browser renders text in an unknown font it silently falls back to a generic family (serif, sans-serif, monospace, etc). those fallback fonts are different widths from the requested font. by measuring how wide the same string is in hundreds of font names we can tell which fonts are installed — not by fingerprinting a canvas image, but purely by comparing layout widths. the set of installed fonts is stable enough to use as a fingerprint vector.
scan
why this matters
- no canvas needed. this technique uses only the layout engine, making it invisible to canvas-blocking extensions.
- the font set is os-specific. a macOS machine with office installed has a different set than a windows corporate vm, which differs from a linux desktop.
- browsers have started adding jitter to font availability, but width differences caused by genuine installation still survive most mitigations.
- in the wild: font detection contributes dozens of bits of entropy to commercial fingerprinters like fingerprintjs.