Bug#582146: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so: browser plugin reporting of system fonts is a privacy leak

[Thiemo Nagel]

On 05/26/2010 09:35 PM, Torsten Werner wrote:
> A total loss of anonymity from just a font list? Really? Isn't that a
> bit too far-fetched?

It's not automatic.  You should be relatively safe with the default 
install.  However if you start adding fonts manually, it seems that a 
few uncommon fonts already provide enough entropy to make you unique 
among a million of visitors.  (Happened to me when I tested my 
configuration on panopticlick.)  Try for yourself.  (Though at the 
moment panopticlick is under maintenance.)

> Did you already some research in upstream's bug
> tracker or did you file a bug report by yourself there?

I've done no research upstream and only filed with Debian.

Cheers, Thiemo