GitLab

I've checked the TorBrowserBundle with JavaScript turned off via the testing tool on ip-check.info.

Turning JavaScript off seems to result in @font-face CSS attribute being readable. That might harm users' anonymity. What do you think?

Here's what the JonDonym developers tell us about it:

"The number and type of fonts installed on your system may, under certain circumstances, strongly contribute to your de-anonymization. Caution: Your fonts might even be read without JavaScript! This is possible, as a website may force loading web fonts if the respective font is not installed on your local computer. If the site forbids font caching, the fonts will be reloaded on any access.

If you ONLY see STRANGE, UNREADABLE SYMBOLS in this rating, your installed fonts are indirectly readable by this website.

In this case, the page may try to load hundreds of different font names using the "@font-face" attribute. If the respective font is installed on your system, the website notices that it is not loaded from the server. Hint: If it can read them, the fonts on your system enable a website to unambiguously recognize you in many cases.

Recommended: Prevent that your browser reloads fonts using the @font-face CSS attribute."