- From: pes via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Sep 2019 07:05:05 +0000
- To: public-css-archive@w3.org
re @tabatkins and privacy budget I haven't see a standard for it, any specifics of thresholds or empirical observations of it being a useful privacy protection strategy. Further, since a unique font generally puts someone in an extremely small equiv class by itself (w/o needing to be combined with other inputs), its unclear how a privacy budget approach would be useful here. Put differently, users are being harmed today by this flaw in the font standard. It seems inappropriate to hinge the solution to that problem to something that isn't anywhere close to standardization (i.e. privacy budget). re @yisibl (https://github.com/yisibl) could the privacy harm be addressed by solving the problems related to font subsetting? Re @litherum @dscorbett Would be interested to know how Safari handles these cases, as it seems the best (only?) proposal on the table currently is to do what Safari does. In general, again, I (and I dont think anyone on PING) is wedded to any particular mitigation, only that there is a deep privacy harming flaw in the current spec that needs fixing. Would be very happy to work with the WG to come up with other options, if the Safari option doesn't work. But some solution needs to be found (keeping in mind that privacy budget does not seem to be a solution to this problem). -- GitHub Notification of comment by snyderp Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4055#issuecomment-535818318 using your GitHub account
Received on Friday, 27 September 2019 07:05:07 UTC