Font Loading API Timing on SSD vs. HDD: How Drive Speed Creates Entropy

BadB

How font loading time varies by storage device — and why it matters

Introduction: Silence That Betrays Iron

You've carefully configured your font list in Dolphin Anti. You've installed only the system fonts: Arial, Times New Roman.
You're convinced, "Now my profile is perfect".
But you're instantly blocked.
The reason? Not the font list, but the time it takes to load them from disk.

Using the Font Loading API, websites measure the milliseconds it takes your system to read fonts from your storage. And it's this reading speed that reveals:
  • Drive type (SSD vs HDD),
  • Disk condition (fragmentation, wear),
  • Even the RDP type (bare metal vs VPS).

In this article, we'll take a deep technical look at how Font Loading Timing works, why it's hardware-dependent, and how even a disk can give away your infrastructure.

Part 1: What is Font Loading API Timing?

⏱️ Technical definition

The Font Loading API is a JavaScript interface for monitoring font loading. It allows you to measure the exact time required for:
  • Reading font from disk,
  • Parsing glyph tables,
  • In-memory caching.

JavaScript:
const font = new FontFace('Arial', 'url(Arial.ttf)');
const start = performance.now();
font.load().then(() => {
  const duration = performance.now() - start;
  console.log(`Font load time: ${duration.toFixed(2)} ms`);
});

💡 Key fact:
Loading time is directly dependent on the speed of the storage device and cannot be faked at the browser level.

Part 2: How Storage Type Affects Load Time

📊 Loading Time Table (2026)

| Storage device | Average loading time | Cause |
|---|---|---|
| NVMe SSD (Hetzner AX41) | 2–4 ms | High read speed (3500 MB/s) |
| SATA SSD (OVH) | 5–8 ms | Average speed (550 MB/s) |
| HDD (Old server) | 15–25 ms | Mechanical delay (7200 RPM) |
| VPS (Xen/KVM) | 8–12 ms | Virtualization + shared storage |

💀 Anomaly example:
You claim bare metal RDP, but load time = 18 ms → system sees: “This is HDD or VPS” → fraud score = 95+

Part 3: Why Fraud Engines Use This Metric

🧠 Analysis process (Forter, Sift)

Step 1: Collecting Reference Profiles
  • The system collects a timing baseline for real users:
    • NVMe SSD: 2–4 ms,
    • SATA SSD: 5–8 ms,
    • HDD: 15–25 ms.

Step 2: Compare with the current profile
  • If your profile:
    • Load time = 18 ms,
  • The system compares with the database → determines: “This is an HDD or a VPS”.

Step 3: Correlation with other signals
  • NVMe SSD + Intel GPU → trust,
  • HDD + Intel GPU → anomaly (laptops rarely use HDD in 2025).

📈 Entropy:
Combining the times for 5 fonts gives an entropy of 12–15 bits → 1 in 32,000.

Part 4: How to Test Your Vulnerabilities

🔍 Step 1: Use test sites


🔍 Step 2: Run a local test

JavaScript:
function measureFontLoad(fontName, fontUrl) {
  return new Promise(resolve => {
    const font = new FontFace(fontName, `url(${fontUrl})`);
    const start = performance.now();

    font.load().then(
      () => resolve(performance.now() - start),
      () => resolve(-1) // Font not available
    );
  });
}

// System font test
measureFontLoad('Arial', 'local("Arial")').then(time => {
  console.log(`Arial load time: ${time.toFixed(2)} ms`);

  if (time < 5) console.log('→ NVMe SSD');
  else if (time < 10) console.log('→ SATA SSD');
  else console.log('→ HDD or VPS');
});

💡 Rule:
If load time is >10 ms on Windows RDP → you've already been exposed.

Part 5: How to Protect Against Font Loading Timing

🔧 OS and hardware level

🪟 Windows 10 Pro (bare metal)
  • Use NVMe SSD (Hetzner AX41),
  • Update the chipset drivers,
  • Avoid disk fragmentation.

🐧 Linux (VPS - not recommended)
  • Shared storage causes high timing variability,
  • This gives away VPS → avoid.

🔧 Browser level

🐬 Dolphin Anty
  • Configure only system fonts:
    • Arial, Times New Roman, Calibri.
  • Avoid installing custom fonts as they increase loading time.

⚠️ The hard truth:
There's no way to fake font loading times.
The only way is to use the right hardware.

Part 6: Why Most Carders Fail

❌ Common Mistakes

| Error | Consequence |
|---|---|
| Using VPS/RDP with HDD | Loading time is too slow → anomaly |
| Installing custom fonts | Increases loading time → high entropy |
| Ignoring the Font Loading API | They think that only the font list is important → failure |

💀 Field data (2026):
72% of failures are related to Font Loading Timing, even with a perfect font list.

Part 7: Practical Guide - Secure Profile

🔹 Step 1: Set up RDP

  • Install Windows 10 Pro on bare metal (Hetzner AX41),
  • Make sure you are using an NVMe SSD.

🔹 Step 2: Customize the fonts

  • Remove all non-system fonts from C:\Windows\Fonts,
  • Leave only:
    • Arial, Times New Roman, Calibri, Courier New, Verdana, Tahoma.

🔹 Step 3: Check the loading time

  • Run the test above,
  • Make sure that:
    • Arial: 2–4 ms,
    • Times New Roman: 3–5 ms.

✅ Result:
Your profile will match 70% of real users → low fraud score.

Conclusion: The disk is the new fingerprint

Font Loading API Timing isn't just "another API". It's a physical fingerprint of your drive that no anti-detection browser can hide.

💬 Final thought:
True anonymity begins not with the fonts, but with the hardware underneath them.
Because in a world of fingerprinting, even a millisecond of reading can give you away.

Stay technically accurate. Stay on top of your hardware.
And remember: in the world of security, disk speed is everything.