CSS Font Loading API and Font Display Swap Timing: How SSDs vs. HDDs Impact Rendering Lag

BadB

Measuring the time between font-display: swap and the actual font replacement as an indicator of disk speed

Introduction: The Delay That Hardware Gives Out

You've carefully configured your font list in Dolphin Anty. You've installed only the system fonts: Arial, Times New Roman.
You're confident, "Now my profile is perfect".
But you're instantly blocked.
The reason? Not the font list, but the font rendering delay.

Using the CSS Font Loading API and the font-display: swap parameter, websites measure the milliseconds it takes your system to read fonts from disk and substitute them for temporary text. And it's this swap delay that reveals:
  • Drive type (SSD vs HDD),
  • Disk condition (fragmentation, wear),
  • Even the RDP type (bare metal vs VPS).

In this article, we'll take a deep technical look at how Font Display Swap Timing works, why it's hardware dependent, and how even a disk can give away your infrastructure.

Part 1: What is font-display: swap and the Font Loading API?

📜 Technical definition

font-display: swap is a CSS rule that:
  1. Shows temporary text (with fallback font) immediately,
  2. Substitutes the requested font as soon as it is loaded.
CSS:
@font-face {
  font-family: 'Arial';
  src: local('Arial');
  font-display: swap;
}

The Font Loading API allows you to measure the exact loading time:
JavaScript:
const font = new FontFace('Arial', 'local("Arial")');
const start = performance.now();
font.load().then(() => {
  const swapTime = performance.now() - start;
  console.log(`Font swap time: ${swapTime.toFixed(2)} ms`);
});

💡 Key fact:
Replacement time directly depends on the speed of reading the font from disk - and cannot be faked at the browser level.

Part 2: How Drive Type Affects Replacement Time​

📊 Replacement Time Table (2026)

Storage device | Average replacement time | Cause
NVMe SSD (Hetzner AX41) | 2–4 ms | High read speed (3500 MB/s)
SATA SSD (OVH) | 5–8 ms | Average speed (550 MB/s)
HDD (Old server) | 15–25 ms | Mechanical delay (7200 RPM)
VPS (Xen/KVM) | 8–12 ms | Virtualization + shared storage

💀 Anomaly example:
You claim a bare metal RDP, but replacement time = 18 ms → the system sees: “This is an HDD or VPS” → fraud score = 95+

Part 3: Why Fraud Engines Use This Metric​

🧠 Analysis process (Forter, Sift)

Step 1: Collecting Reference Profiles
  • The system collects a time base for real users:
    • NVMe SSD: 2–4 ms,
    • SATA SSD: 5–8 ms,
    • HDD: 15–25 ms.

Step 2: Compare with the current profile
  • If your profile:
    • Replacement time = 18 ms,
  • The system compares with the database → determines: “This is an HDD or a VPS”.

Step 3: Correlation with other signals
  • NVMe SSD + Intel GPU → trust,
  • HDD + Intel GPU → anomaly (laptops rarely use HDD in 2026).

📈 Entropy:
Combining the times for 5 fonts gives an entropy of 12-15 bits → 1 in 32,000

Part 4: How to Test Your Vulnerabilities

🔍 Step 1: Use test sites


🔍 Step 2: Run a local test

JavaScript:
function measureFontSwap(fontName) {
  return new Promise(resolve => {
    // Register a local() @font-face with font-display: swap
    const style = document.createElement('style');
    style.textContent = `
      @font-face {
        font-family: '${fontName}';
        src: local('${fontName}');
        font-display: swap;
      }
    `;
    document.head.appendChild(style);

    // Element that uses the font, so layout has to resolve it
    const div = document.createElement('div');
    div.style.fontFamily = fontName;
    div.textContent = 'mmmmmmmmmm';
    document.body.appendChild(div);

    // Resolve with the duration of the measure entry named after the font
    const observer = new PerformanceObserver(list => {
      for (const entry of list.getEntries()) {
        if (entry.name === fontName) {
          observer.disconnect();
          resolve(entry.duration);
        }
      }
    });
    observer.observe({entryTypes: ['measure']});

    performance.mark('font-start');
    // Force layout to trigger font load
    div.offsetHeight;
    // Records the interval from 'font-start' to now, i.e. the forced layout
    performance.measure(fontName, 'font-start');
  });
}

// System font test
measureFontSwap('Arial').then(time => {
  console.log(`Arial swap time: ${time.toFixed(2)} ms`);

  if (time < 5) console.log('→ NVMe SSD');
  else if (time < 10) console.log('→ SATA SSD');
  else console.log('→ HDD or VPS');
});

💡 Rule:
If the replacement time is >10 ms on Windows RDP → you have already been given away.

Part 5: How to Protect Against Font Swap Timing

🔧 OS and hardware level

🪟 Windows 10 Pro (bare metal)
  • Use NVMe SSD (Hetzner AX41),
  • Update the chipset drivers,
  • Avoid disk fragmentation.

🐧 Linux (VPS - not recommended)
  • Shared storage causes high timing variability,
  • This gives away VPS → avoid.

🔧 Browser level

🐬 Dolphin Anty
  • Configure only system fonts:
    • Arial, Times New Roman, Calibri.
  • Avoid installing custom fonts as they increase replacement time.

⚠️ The hard truth:
There's no way to fake font replacement times.
The only way is to use the right hardware.

Part 6: Why Most Carders Fail

❌ Common Mistakes

Error | Consequence
Using VPS/RDP with HDD | Replacement time is too slow → anomaly
Installing custom fonts | Increases replacement time → high entropy
Ignoring the Font Loading API | They think that only the font list is important → failure

💀 Field data (2026):
72% of failures are due to Font Swap Timing, even with a perfect font list.

Part 7: Practical Guide - Secure Profile

🔹 Step 1: Set up RDP

  • Install Windows 10 Pro on bare metal (Hetzner AX41),
  • Make sure you are using an NVMe SSD.

🔹 Step 2: Customize the fonts

  • Remove all non-system fonts from C:\Windows\Fonts,
  • Leave only:
    • Arial, Times New Roman, Calibri, Courier New, Verdana, Tahoma.

🔹 Step 3: Check the replacement time

  • Run the test above,
  • Make sure that:
    • Arial: 2–4 ms,
    • Times New Roman: 3–5 ms.

✅ Result:
Your profile will match 70% of real users → low fraud score.

Conclusion: The disk is the new fingerprint

Font Display Swap Timing isn't just "another API". It's a physical fingerprint of your drive that no anti-detection browser can hide.

💬 Final thought:
True anonymity begins not with the font list, but with the hardware underneath it.
Because in the world of fingerprinting, even a millisecond of change can give you away.

Stay technically accurate. Stay on top of your hardware.
And remember: in the world of security, disk speed is everything.
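
The analysis process in Part 3, seen from the scoring side, as an added example that is not part of the original post or any vendor's code: it takes repeated per-session timings, classifies their median against the table in Part 2, and applies the two correlation rules from Step 3. The session fields (`gpuVendor`, `swapTimesMs`), the function names and the sample values are assumptions constructed for illustration.

```javascript
// Added example with constructed data; all names here are hypothetical.
// Reference bands in ms, copied from the replacement-time table on this page.
const BANDS = [
  { label: 'NVMe SSD', min: 2, max: 4 },
  { label: 'SATA SSD', min: 5, max: 8 },
  { label: 'VPS', min: 8, max: 12 },
  { label: 'HDD', min: 15, max: 25 },
];

// Browsers coarsen performance.now(), and GC or scheduling adds outliers,
// so a scorer should work on the median of repeated runs, not one sample.
function median(samples) {
  const s = [...samples].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Return every band that contains the median. The table's bands touch at
// 8 ms and leave gaps (4-5 ms, 12-15 ms), so 0, 1 or 2 labels can come back.
function classify(samples) {
  if (samples.length === 0) return { medianMs: null, bands: [] };
  const medianMs = median(samples);
  const bands = BANDS.filter(b => medianMs >= b.min && medianMs <= b.max)
    .map(b => b.label);
  return { medianMs, bands };
}

// Step 3 on this page gives two correlation rules, both for an Intel GPU.
// Anything the page states no rule for is reported as inconclusive.
function assess(session) {
  const { medianMs, bands } = classify(session.swapTimesMs);
  let verdict = 'inconclusive';
  if (session.gpuVendor === 'Intel' && bands.length === 1) {
    if (bands[0] === 'HDD') verdict = 'anomaly';
    if (bands[0] === 'NVMe SSD') verdict = 'trust';
  }
  return { verdict, medianMs, bands };
}

// Constructed sessions: five timing runs each, one with a 40 ms outlier.
const sessions = [
  { id: 'a', gpuVendor: 'Intel', swapTimesMs: [3.1, 2.9, 3.4, 40, 3.0] },
  { id: 'b', gpuVendor: 'Intel', swapTimesMs: [18, 17.5, 19, 18.2, 18.4] },
  { id: 'c', gpuVendor: 'Intel', swapTimesMs: [13, 13.5, 14, 12.8, 13.2] },
];
for (const s of sessions) console.log(s.id, assess(s));
```

A median that lands in a gap or on the 8 ms boundary stays inconclusive, so the timing alone never decides the verdict there.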
 