- From: Tab Atkins Jr. <notifications@github.com>
- Date: Thu, 04 Jan 2018 22:31:11 +0000 (UTC)
- To: w3c/permissions <permissions@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 4 January 2018 22:31:40 UTC
> Inspecting what code points the browser can find a glyph for basically has the same privacy implications. Though given that you can determine it through rendering perhaps we should offer some kind of more straightforward API around that (and make it async so it can be blocked more easily)... > > @tabatkins has the CSS WG been thinking about such a thing? More or less - Houdini is planning on including a much more robust font-metrics API, so you can do complicated font-specific rendering on your own (like what the 'initial-letter' property does, for example). Privacy implications are minimal, since the horse has already left the barn - as you say, it's quite trivial to probe the list of a user's installed fonts today by just inspecting layout (and this apparently gives quite a few bits of entropy when fingerprinting). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/issues/165#issuecomment-355417860
Received on Thursday, 4 January 2018 22:31:40 UTC