Browser manufacturers are in a constant battle to find ways to protect users from being fingerprinted by the websites they use. I was recently very surprised to visit an online store (with emptied local storage, all cookies deleted, and trackers efficiently blocked) which instantly recommended that I “Continue where I last stopped” and showed me the one product I had assessed a few days earlier. Needless to say, I won’t ever buy anything from that company.
This case of a software manufacturer using a custom font to fingerprint users is another appalling example of such unethical conduct: on installing their software, they install a custom font on the user’s machine, whose presence is then – every junior-level web developer knows how – easy to check for. Even if the company claims to do this in order to prevent fraud, it is still a massive intrusion into users’ privacy and puts the conduct of that company in a very bad light (they have apparently since changed their practice after the public backlash).
As a side note: anybody doing this kind of intrusive sniffing in the EU is hopefully aware that it is very likely a violation of the ePrivacy Directive and its national implementations: accessing “information stored on a user’s device” (which in my book is very much the case when looking for installed fonts) always requires explicit consent.