[csswg-drafts] [css-fonts] incorporate mitigations for font based fingerprinting (#4055)

snyderp has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-fonts] incorporate mitigations for font based fingerprinting ==
Font-based fingerprinting is a common, privacy-violating pattern, where websites build semi-identifiers based on uncommon fonts a user has installed.  This semi-identifier is then combined with other semi-unique identifiers (hardware configuration, user configuration, viewport size, etc.) to build highly identifying values, used for tracking users.

**Examples**

- Panopticlick includes a well-known demonstration of how this can be done: https://panopticlick.eff.org

- [Fingerprint2.js](https://github.com/Valve/fingerprintjs2#fontsextendedjsfonts) is a popular library that uses font-based fingerprinting (among other signals) to identify users

Some browsers provide some defenses against this privacy violation.  Safari, for example, only reports the default system fonts through Safari, and will not use other, uncommon fonts, even if they're installed on the OS.  Firefox provides a similar option.

The standard should be modified to protect against / not allow font-based fingerprinting by default, instead of relying on non-standardized, vendor specific mitigations.

**Suggested Mitigation**
I suggest having the standard follow Safari's approach, and requiring browsers to only treat the default fonts on the platform as system fonts.  A simple (though maybe not the best / most elegant) way of doing this would be to modify section 5.2 in "[CSS Fonts Module Level 3](https://drafts.csswg.org/css-fonts/)" to modify the system font fallback procedure to only return the default platform fonts.  Those might be specified per platform, or just as this list:
http://www.ampsoft.net/webdesign-l/WindowsMacFonts.html

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4055 using your GitHub account

Received on Monday, 24 June 2019 20:29:48 UTC
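
The effect of the suggested mitigation on anonymity sets, as an added example that is not part of the original issue, the CSS Fonts specification, or any browser's code. The platform default lists, user profiles and function names are constructed for illustration; the model covers locally installed fonts only.

```javascript
// Added example: a model of the proposed mitigation, not browser or spec code.
// Platform default lists and user profiles are constructed sample data.
const PLATFORM_DEFAULTS = {
  windows: new Set(["Arial", "Times New Roman", "Verdana", "Courier New"]),
  mac: new Set(["Helvetica", "Times", "Verdana", "Courier"]),
};

const WIN_BASE = ["Arial", "Times New Roman", "Verdana", "Courier New"];
const USERS = [
  { id: "u1", platform: "windows", installed: [...WIN_BASE, "Fira Code"] },
  { id: "u2", platform: "windows", installed: [...WIN_BASE, "Gotham", "Univers"] },
  { id: "u3", platform: "windows", installed: [...WIN_BASE] },
  { id: "u4", platform: "mac", installed: ["Helvetica", "Times", "Verdana", "Courier", "Fira Code"] },
];

// Fonts the engine will match for this user. With the mitigation on, an
// installed font is matchable only if it is in the platform default list.
function matchableFonts(user, mitigated) {
  const defaults = PLATFORM_DEFAULTS[user.platform];
  return user.installed.filter((f) => !mitigated || defaults.has(f)).sort();
}

// Model of font-family fallback: the first matchable family wins,
// otherwise the generic family is used.
function resolveFamily(stack, user, mitigated, generic = "serif") {
  const ok = new Set(matchableFonts(user, mitigated));
  return stack.find((f) => ok.has(f)) ?? generic;
}

// Group users by the font set a page could observe. Each group is an
// anonymity set; a group of size 1 means the font set alone singles out a user.
function anonymitySets(users, mitigated) {
  const groups = new Map();
  for (const u of users) {
    const key = matchableFonts(u, mitigated).join("|");
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(u.id);
  }
  return [...groups.values()];
}
```

In this sample, every user is distinguishable by font set without the mitigation, while with it the only remaining signal is the platform itself.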