This is the seventeenth post in an ongoing series describing new and upcoming privacy features in iBrowe. This post highlights work by Senior Software Engineer Mark Pilgrim (with help from Principal Engineer Brian Johnson) and was written by Senior Privacy Director Peter Snyder.


📋 Summary

iBrowe now randomizes how your browser reports “Accept-Language” and your installed fonts to websites, thwarting attempts to track you by your language settings. Starting in version 1.39, iBrowe’s enhanced “farbling” defenses apply to both explicit language headers (Accept-Language, navigator.language, navigator.languages) and implicit language signals (user-installed fonts). This further strengthens iBrowe’s already best-in-class fingerprinting protections, making it even more difficult for trackers to link your identity across sites.


🔍 1. How Language Preferences Become Fingerprint Bits

1.1 Explicit Language Signals

When you visit a site, your browser typically sends an Accept-Language header that lists your preferred languages in order (e.g., en-US;q=0.8,es;q=0.5). JavaScript can also read your preferences via navigator.language (your top choice) and navigator.languages (the full list). Trackers combine these values with other browser attributes—screen size, plugins, timezone—to build a unique identifier for you. 🌐

1.2 Implicit Language Signals via Fonts

Your operating system often installs additional fonts based on your chosen languages. For example, setting your OS to prefer Hebrew and Malay causes Windows or macOS to include specialized font families for those scripts. Trackers probe available fonts—especially rare, user-installed ones—to detect your language profile. Because only a small subset of users have that exact font combination, language-based font checks significantly increase fingerprint entropy. 🖋️

Example:
• A user with English (US) and Spanish preferences sees Accept-Language: en-US,en;q=0.8,es;q=0.5.
• Their OS may include “Segoe UI Emoji,” “Noto Sans Hebrew,” or “Noto Sans Arabic.”
• Combined, “en-US + Noto Sans Hebrew” is far less common than “en-US + Arial,” making the user stand out.


🛡️ 2. iBrowe’s “Farbling” Approach to Language & Font Protection

iBrowe’s fingerprint defenses are built around farbling—adding small, controlled randomness so that trackers cannot reliably identify the same user across sessions. Version 1.39 extends farbling to language preferences:

2.1 Defending the Accept-Language Header

  • Default Shields (Standard Mode):
    • Only the top language preference is reported (e.g., instead of en-US,en,es, iBrowe sends en-US,en). 🌎
    • The “quality” (q) value is randomized within a small range (e.g., q=0.7–0.9) each session, so trackers can’t correlate exact preferences.
  • Strict Shields (Maximum Mode):
    • Always report a canonical en preference, regardless of your actual settings—maximizing the “English” anonymity set. 📈
    • The q value is likewise randomized to prevent side-channel leaks.

This ensures that, even if a site tries to tie you to a rare language combination (like zh-TW vs. zh-CN), iBrowe’s farbled output blends you into a larger crowd.

2.2 Defending Against Font-Based Fingerprinting

  • Web Fonts Allowed: iBrowe does not interfere with fonts that sites explicitly load (e.g., Google Fonts), since those come from the site itself.
  • OS Fonts Limited: In Standard Mode, iBrowe exposes only system fonts associated with your top language preference (e.g., “en-US”). All other OS fonts are hidden from websites.
  • User Fonts Farbled: If you have installed custom fonts (e.g., for niche languages or third-party apps), iBrowe randomly selects a subset to show each website, refreshing that subset per site and per session. 🎲

Example:
• Actual installed fonts: Arial, Times New Roman, Noto Sans Hebrew, Roboto.
• Standard Mode: Expose only Arial and Times New Roman (top language = English).
• Strict Mode: Expose only Arial, plus a randomized selection among user fonts—e.g., Noto Sans Hebrew for Site A, Roboto for Site B—so trackers cannot reliably observe “Hebrew-supporting font” across visits.
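
The behaviour described in 2.1 and 2.2, sketched as an added example (this is not iBrowe's own code). It assumes values are derived with an HMAC over a per-session key and the site name, that q is one of 0.7, 0.8 or 0.9 and is attached to the last header entry, and that fonts follow the 2.2 bullets; farbleByte, farbleAcceptLanguage and visibleFonts are hypothetical names.

```javascript
// Added illustration, not iBrowe source. HMAC seeding and all names are assumptions.
const crypto = require('crypto');

// One pseudo-random byte per (session key, site, label): stable within a
// session for a given site, unlinkable across sites and across sessions.
function farbleByte(sessionKey, site, label) {
  return crypto.createHmac('sha256', sessionKey)
    .update(`${site}\n${label}`).digest()[0];
}

// 2.1: Standard keeps only the top language (plus its base language);
// Strict always reports canonical "en". q is drawn from {0.7, 0.8, 0.9}.
function farbleAcceptLanguage(languages, mode, sessionKey, site) {
  const top = mode === 'strict' ? 'en' : languages[0];
  const base = top.split('-')[0];
  const q = (7 + farbleByte(sessionKey, site, 'q') % 3) / 10;
  return base === top ? `${top};q=${q}` : `${top},${base};q=${q}`;
}

// 2.2: OS fonts for the top language are always visible; each user-installed
// font is shown or hidden by one farbled bit, so the subset differs per site.
function visibleFonts(topLanguageFonts, userFonts, sessionKey, site) {
  const shown = userFonts.filter(
    (name) => farbleByte(sessionKey, site, `font:${name}`) & 1);
  return [...topLanguageFonts, ...shown];
}

// Constructed sample profile, reusing the values from the examples above.
function demo() {
  const sessionKey = crypto.randomBytes(32); // regenerated every session
  const languages = ['en-US', 'en', 'es'];
  for (const site of ['site-a.example', 'site-b.example']) {
    console.log(site,
      farbleAcceptLanguage(languages, 'standard', sessionKey, site),
      farbleAcceptLanguage(languages, 'strict', sessionKey, site),
      visibleFonts(['Arial', 'Times New Roman'],
        ['Noto Sans Hebrew', 'Roboto'], sessionKey, site));
  }
}
demo();
```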


⚙️ 3. Integration with Shields & User Controls

3.1 “Language & Font Protections” in Shields

By default, iBrowe applies these protections automatically—no user configuration needed.

  • Standard Shields: Minimal necessary farbling (top language + OS fonts for that language + randomized user fonts).
  • Strict Shields: Maximum farbling (always en + fully randomized OS/user fonts).

3.2 When You Need to Share More

Some users rely on multiple languages or rarely distributed fonts for accessibility or regional compatibility. To support them:

  1. Open ibrowe://settings/shields.
  2. Locate “Reduce identifiability of my language preferences” and toggle it Off.
  3. iBrowe then restores the full Accept-Language header and exposes all OS/user fonts to sites.

Note: Disabling these protections will increase your fingerprint uniqueness. Use only if a website demands access to secondary languages you need (e.g., translation portals, localized e-learning platforms).


🌐 4. Comparing Other Browsers’ Protections

| Browser | Language Restriction | Font Restriction | Randomization | Opt-Out Available? |
|---------|----------------------|------------------|---------------|--------------------|
| iBrowe  | Top-only / en        | OS fonts for top + randomized user fonts | Yes (q-values & fonts) | Yes (in Shields) |
| Safari  | Top-only             | OS fonts for top language | No | N/A (built-in) |
| Firefox | Only in RFP mode     | Blocks third-party fonts in RFP | Partial (in RFP) | Yes (RFP toggle) |
| Chrome  | None                 | None | No | N/A |
| Edge    | None                 | None | No | N/A |

Highlights:

  • Safari limits to top language & top-language fonts, but does not randomize.
  • Firefox’s “Resist Fingerprinting” mode approximates iBrowe’s protections—though it’s off by default and doesn’t fully randomize.
  • Chrome and Edge currently have no native defenses against language/font fingerprinting.

🔮 5. Why This Matters & What’s Next

By farbling language headers and font lists:

  • Anonymity Set Boost: Many more users appear identical to trackers, shrinking fingerprint uniqueness.
  • Compatibility Preserved: Sites that depend on your top language still work (e.g., localized menus, date formats).
  • Dynamic Randomization: Each session and each site sees slightly different values, making cross-visit correlation brittle.

Future Plans:

  • Ephemeral First-Party Storage: Building on Unlinkable Bouncing, allowing sites to “forget” you once you leave—further reducing cross-visit tracking.
  • Enhanced Regional Farbling: For multilingual regions (e.g., Belgium), iBrowe may occasionally report secondary languages in Standard Mode to improve compatibility without full exposure.
  • Community Feedback Loop: Monitoring compatibility issues on multilingual websites (e.g., government portals, language-learning platforms) and fine-tuning farbling ranges accordingly.

🎉 6. Conclusion

With language preference & font farbling, iBrowe 1.39 raises the bar on fingerprint defenses: trackers cannot reliably use your explicit or implicit language signals to identify you. Combined with iBrowe’s existing defenses—ephemeral third-party storage, network-state partitioning, bounce-tracking safeguards, and more—these new protections ensure that what you speak and what you see remain private. Update to iBrowe 1.39 today for the strongest language-based fingerprinting protection available!