Streamable fonts and Privacy

Hi!

We’ve already gotten started with plenty of discussions around streamable fonts, but I think there’s a topic which hasn’t been discussed yet.

In the current state-of-the-art, the browser downloads a font file if any character is within the supported unicode-range. In general, this makes it difficult for a server to reverse-engineer the contents of a page. Of course, it is possible to construct a malicious set of @font-face rules which maps each character to a different font, but that isn’t the common case on the Web today, and it has significant negative user impact like flashing a random set of letters as the page is loading, and disabling all shaping. The distinction is relevant when the service hosting the font files is different from the service hosting the CSS.

A naive solution to the streamable fonts problem would have the browser request exactly the characters/glyphs that are present on the page. However, this is unfortunate because it makes it fairly easy for the server to reverse-engineer the contents of webpages, thereby creating a privacy violation. This is even worse for dynamic content; not only would the server know exactly what the user was typing, but also the speed and time that each character was pressed.

Instead, any solution to the streamable fonts problem should require a browser to request more than it needs in an effort to mask the content of the page. It is possible that a solution where the server interprets such a request and sends even more data than the browser asked for could be wasting a significant amount of data in the response. We should model this in our evaluation of the various approaches to solve this problem.

Thanks,
Myles
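The leakage and the masking trade-off described in the message above, as an added simulation that is not part of the original post. It assumes one concrete masking strategy (rounding each used code point out to an aligned block of BLOCK code points); the sample pages and the typed string are constructed for the demo.

```python
# Added example (not from the original message): simulating what a font server
# learns from a streamable-font request. Assumption: masking rounds every used
# code point out to an aligned block of BLOCK code points. Sample inputs are
# constructed for the demo.
from typing import Callable, FrozenSet, List

BLOCK = 128  # code points per masking block (assumed, not from the post)
Requester = Callable[[str], FrozenSet[int]]


def naive_request(text: str) -> FrozenSet[int]:
    """Naive client: ask the font server for exactly the code points used."""
    return frozenset(ord(c) for c in text)


def masked_request(text: str, block: int = BLOCK) -> FrozenSet[int]:
    """Masking client: ask for every code point of each block the page touches."""
    blocks = {ord(c) // block for c in text}
    return frozenset(cp for b in blocks for cp in range(b * block, (b + 1) * block))


def distinguishable(page_a: str, page_b: str, requester: Requester) -> bool:
    """Can the font server tell the two pages apart from the request alone?"""
    return requester(page_a) != requester(page_b)


def request_overhead(text: str, block: int = BLOCK) -> float:
    """Ratio of requested to actually needed code points (the bandwidth cost)."""
    needed = len(naive_request(text))
    return len(masked_request(text, block)) / needed if needed else 0.0


def observable_keystrokes(typed: str, requester: Requester) -> List[int]:
    """Keystroke indices at which the outstanding request changes, i.e. the
    moments a server watching requests learns that (and when) the user typed."""
    seen: FrozenSet[int] = frozenset()
    revealed: List[int] = []
    for i in range(1, len(typed) + 1):
        req = requester(typed[:i])
        if req != seen:
            revealed.append(i)
            seen = req
    return revealed


if __name__ == "__main__":
    a, b = "Hello, World", "Goodbye, all"  # constructed sample pages
    print("naive distinguishes:", distinguishable(a, b, naive_request))
    print("masked distinguishes:", distinguishable(a, b, masked_request))
    print("masking overhead:", round(request_overhead(a), 1))
    print("naive reveals keystrokes at:", observable_keystrokes(a, naive_request))
    print("masked reveals keystrokes at:", observable_keystrokes(a, masked_request))
```

With the naive client every new character is a separately timed request; with block masking the two ASCII pages produce the identical request, at the cost of asking for 128 code points instead of 9.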

Received on Tuesday, 23 July 2019 21:41:06 UTC