Bug#582146: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so: browser plugin reporting of system fonts is a privacy leak
Torsten Werner
twerner at debian.org
Thu May 27 07:56:07 UTC 2010
Thiemo Nagel schrieb:
> On 05/26/2010 09:35 PM, Torsten Werner wrote:
>> A total loss of anonymity from just a font list? Really? Isn't that a
>> bit too far-fetched?
>
> It's not automatic. You should be relatively safe with the default
> install. However if you start adding fonts manually, it seems that a
> few uncommon fonts already provide enough entropy to make you unique
> among a million of visitors.
But a unique user can still be an anonymous user. Did I miss anything?
Can you read my name, address, sex, birthday, ... from a font list in a
magic way?
Torsten
More information about the pkg-java-maintainers
mailing list