- From: pes via GitHub <sysbot+gh@w3.org>
- Date: Tue, 25 Jun 2019 18:45:42 +0000
- To: public-css-archive@w3.org
@dbaron not sure what the suggestion is here. Freeze progress on CSS Font v4 until a "up-to-date list of fingerprinting vectors, with data on them and proposed mitigations" is built? It definitely does not seem user serving to say "we know there is a problem, we know its significant, but haven't had _others_ propose mitigations for them, so we're going to ship the problem anyway". Seems way better to fix a problem that we know exists now, and is harming users today. This isn't hypothetical; the current CSS Font v3 spec enables users to be tracked w/o their consent. As stated before, there are many, many research papers showing this is a problem, as well as many deployed examples in the wild. It is not the case that these papers find no problem in the absence of flash, the findings are either "not having flash degrades identifiability some, but its still identifying" or "we measured w/o flash, and find its highly identifying." It's also apparently serious enough that FF and Safari have deployed mitigations. -- GitHub Notification of comment by snyderp Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4055#issuecomment-505572590 using your GitHub account
Received on Tuesday, 25 June 2019 18:45:44 UTC