Linux metric-compatible fonts (Arimo/Cousine/Tinos) present under a non-Linux UA

br.font_linux_leak  ·  corroborates

browserlayer
environmentcategory
8evaders caught

What it catches

Camoufox source fonts.json: Arimo/Cousine/Tinos leak from the container under a spoofed non-Linux UA. v0.74.2: category corrected coherence->ENVIRONMENT — the 'Linux-only' premise is FALSE. Arimo/Cousine/Tinos are the CROSCORE fonts, freely downloadable from Google Fonts and installable on ANY OS (a web developer/designer on Windows/macOS commonly has them), so their presence under a non-Linux UA is not a reliable OS contradiction — font presence is user-configurable, so this must only CORROBORATE, never convict. The Linux-container OS-spoofs that trip it (os-spoof, ios-ua-spoof, iframe-spoof, stealth-patched) are all still convicted by the many HARD cross-layer tells (net.tcp_os_vs_ua, ua_platform_vs_ch_platform, ch_ua_version_vs_ua, cdp_runtime_enabled). (Contrast br.font_mac_internal, which stays convicting: the dot-prefixed '.Aqua Kana' macOS system fonts are NOT normally enumerable, so their presence is a genuine camoufox font-list leak, not a user-installable font.)

Signals it reads

browser.font_linux_leak

How it fires

present

← all detections