Comments on TeamViewer installs suspicious font only useful for web fingerprinting

Be civil and read the entire article first. This is not a support forum. Comments from new contributors are moderated. English only.

Leave a comment

Required. Optional. E.g. your homepage, Twitter. or Email required unless anonymous. Not published or shared. Reuse to be recognized as the same commenter.
Plain-text only. Begin lines with a > character to quote.

Anonymous

TeamViewer does have a built in chat feature, are you sure the fonts are not used for chat?

> TeamViewer does have a built in chat feature, are you sure the fonts are not used for chat?

The font literally only includes the letters T, e, a, m, V, i, w, r, 7, and 8. The font isn’t used in the chat feature.

SDC

It sure seems like even if TeamViewer had this one legitimate use for the font, they are making a major privacy tradeoff for their users who will now be more exposed to browser fingerprinting. I'd aggressively argue that this is not a good tradeoff to have made. It's more evidence that strong privacy laws are necessary to deter these kinds of short-sighted or selfish design decisions.

KKH

Notice that one can - theoretically, not related to TeamViewer - expand this to a truly unique ID: By having 32 fonts which are either installed or not, we can encode 32 bits of information. A website can easily recover this ID because it can test each bit individually, without having to guess all 32 bits at once. On average, 16 fonts would be installed on each system, which we can easily mask through Font Families.

Discussions also happens elsewhere! Read and participate in 3 external discussions (322 comments).