Local fonts disabled in Webkit

[Leland]

The section on fingerprinting with fonts reads:

However, this works a little differently; every font not installed on device will send a request. By comparing the differences between the requests and the full list of fonts, we can conclude what fonts are installed.

...I think this might need some qualifying. Webkit implemented anti-fingerprinting techniques so that only system-level fonts are accessible through the local() directive. I just tested Chrome 96 and I can't get access to userland fonts this way.

Surprisingly I can with desktop Safari, not sure how that could be.

The Local Font Access API is what Google is proposing instead.

[OliverBrotchie]

That is interesting! I will have to review the results and assess whether this anti-fingerprinting works or not.