Re: [csswg-drafts] [css-fonts] incorporate mitigations for font based fingerprinting (#4055)

I don't think we want to list the specific fonts in the spec.  The general rule should be that the list of fonts shouldn't provide any more information than can be obtained by other means: e.g., by the combination of browser & OS & preferred language.  (I don't know about Mac, but Windows has language specific fonts that are included in the OS but not installed by default unless the user actually uses that language in the OS.)

I would also hope that there would be some exclusion/option for supporting a wider set of fonts for trusted sites.

For the PR: Fonts Level 4 already has a section on [Preinstalled Fonts vs User-Installed Fonts](https://drafts.csswg.org/css-fonts-4/#preinstalled-and-user-installed-fonts), which currently says:

> User Agents may choose to ignore User-Installed Fonts for the purpose of the Font Matching Algorithm.

So, the request here is to upgrade that "may" into a "should".

This should probably affect `local()` references in `@font-face`, as well as `font-family` matching.  Otherwise, the fingerprinting techniques could be changed to compare a font-face defined as `src: local(test-name), src(reference.woff);`, where the reference file has a characteristic size that will differ from the true font of that name.  (Unfortunately, this means that periodically downloading & installing the most popular Google Fonts will no longer save my own data!)

_____________

Next step: work on an API for full access to all installed fonts as a list! (With an explicit permission prompt, of course, which would also allow those fonts to be used for rendering.) This is essential for document-editing web apps to replace their native versions.  Some apps still use Flash just to get this data.

-- 
GitHub Notification of comment by AmeliaBR
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4055#issuecomment-505208473 using your GitHub account

Received on Monday, 24 June 2019 22:42:33 UTC
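
The point about `local()` in the comment above, as an added example that is not part of the original comment or of the CSS specification: a simplified model of font lookup showing that ignoring user-installed fonts only in `font-family` matching still leaves two otherwise identical users distinguishable through `local()`. The font names, profiles, policy flags and function names are constructed for illustration.

```javascript
// Simplified model of a user agent's font lookup (constructed sample data).
const PREINSTALLED = new Set(["Arial", "Times New Roman", "Segoe UI"]);

// Same browser, OS and language; the users differ only in installed fonts.
const profiles = {
  userA: { userInstalled: new Set(["Roboto", "Lato"]) },
  userB: { userInstalled: new Set() },
};

// Is `name` visible to page content when user-installed fonts are ignored or not?
function isExposed(name, profile, ignoreUserInstalled) {
  if (PREINSTALLED.has(name)) return true;
  return !ignoreUserInstalled && profile.userInstalled.has(name);
}

// font-family matching: the first exposed family wins, else a generic fallback.
function matchFamily(families, profile, ignoreUserInstalled) {
  return families.find((f) => isExposed(f, profile, ignoreUserInstalled)) ?? "<generic>";
}

// @font-face src resolution: entries are tried in order; a local() entry is
// used only if the font is exposed, otherwise the next entry is tried.
function resolveSrc(srcList, profile, ignoreUserInstalled) {
  for (const s of srcList) {
    if (s.type === "url") return `url:${s.value}`;
    if (isExposed(s.value, profile, ignoreUserInstalled)) return `local:${s.value}`;
  }
  return "none";
}

// Everything the model lets a page observe for one profile under a policy.
// policy.family / policy.local: ignore user-installed fonts in that code path.
function observable(profile, policy) {
  const src = [
    { type: "local", value: "Roboto" },
    { type: "url", value: "reference.woff" },
  ];
  return JSON.stringify({
    family: matchFamily(["Roboto", "Arial"], profile, policy.family),
    src: resolveSrc(src, profile, policy.local),
  });
}

// True when the two users produce different observable results.
function distinguishable(policy) {
  return observable(profiles.userA, policy) !== observable(profiles.userB, policy);
}
```

Only the policy that filters both paths makes the two profiles produce identical results.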