- From: KOLANICH <notifications@github.com>
- Date: Fri, 05 Jan 2018 02:52:55 -0800
- To: w3c/permissions <permissions@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 5 January 2018 10:53:19 UTC
>Privacy implications are minimal, since the horse has already left the barn - as you say, it's quite trivial to probe the list of a user's installed fonts today by just inspecting layout (and this apparently gives quite a few bits of entropy when fingerprinting). This must be eliminated disregarding compatibility. If any website uses this, its should be their problem. Our problem is to eliminate the fingerprinting vector without crippling non-fingerprinting uses. I'm not CSS spec, so I wonder if getBoundingClientRect can be replaced with CSS entirely. I mean if it is possible implement and enforce the rule "if a one needs getBoundingClientRect to compute complex layout, he must use purely CSS solution rather than use JS for it, and the sizes mustn't leak to JS". Of course, in fact this initiative may be blocked by some companies taking major share of browser market and supporting fingerprinting. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/issues/165#issuecomment-355527119
Received on Friday, 5 January 2018 10:53:19 UTC