Bug#582146: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so: browser plugin reporting of system fonts is a privacy leak

Torsten Werner twerner at debian.org
Thu May 27 07:56:07 UTC 2010


Thiemo Nagel schrieb:
> On 05/26/2010 09:35 PM, Torsten Werner wrote:
>> A total loss of anonymity from just a font list? Really? Isn't that a
>> bit too far-fetched?
> 
> It's not automatic.  You should be relatively safe with the default
> install.  However if you start adding fonts manually, it seems that a
> few uncommon fonts already provide enough entropy to make you unique
> among a million of visitors.

But a unique user can still be an anonymous user. Did I miss anything?
Can you read my name, address, sex, birthday, ... from a font list in a
magic way?

Torsten





More information about the pkg-java-maintainers mailing list