- From: Tab Atkins Jr. <notifications@github.com>
- Date: Fri, 05 Jan 2018 11:19:36 -0800
- To: w3c/permissions <permissions@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/permissions/issues/165/355641528@github.com>
> This must be eliminated disregarding compatibility. If any website uses this, its should be their problem. Our problem is to eliminate the fingerprinting vector without crippling non-fingerprinting uses. The browser can handle that, as mentioned in the Firefox bug up above, by whitelisting a set of local fonts visible to the webpage. That avoids the fingerprinting vector entirely, and I'd support that. (The page would then only have access to the whitelist fonts, and whatever they pull in themselves via @font-face.) > I'm not CSS spec, so I wonder if getBoundingClientRect can be replaced with CSS entirely. I mean if it is possible implement and enforce the rule "if a one needs getBoundingClientRect to compute complex layout, he must use purely CSS solution rather than use JS for it, and the sizes mustn't leak to JS". It can't be. CSS, while powerful, has nothing on the abilities of a full programming language like JS, and gBCR can't generally be replaced. This would basically kill *all* alternative layouts besides the few that CSS explicitly gives you. > Of course, in fact this initiative may be blocked by some companies taking major share of browser market and supporting fingerprinting. This is neither true nor kind, so it fails the conversational test. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/issues/165#issuecomment-355641528
Received on Friday, 5 January 2018 19:23:19 UTC