Re: [csswg-drafts] [css-fonts] incorporate mitigations for font based fingerprinting (#4055)

> Setting aside our different opinions on privacy budget, can we at least agree that since it hasn't even been fully defined (let alone proposed or standardized), it's not a useful solution to the problem discussed here?

No, we can't, because Privacy Budget is intended by Chrome's security folks to be the way to solve the problem discussed here.

Put another way, I'll object to anything in this vein that attempts to standardize a Safari-like "spec mandates you must never expose more than this subset of local fonts" until my security folks tell me they've given up and that's the best way forward.

> Sure, understood that solving this issue won't solve fingerprinting, but the only way to get the # of identifying bits down to an acceptable number is to start removing bits anywhere and everywhere we can (where "can" means "w/o breaking the web").

I addressed this in my preceding comments, and so has Florian. No one is saying "this one change won't fix fingerprinting, so let's not do it", so talking about that as an objection is a moot point.

**@frivoal said:**
> As I understand it, @tabatkins's claim is that he (and Google) are skeptical that we can ever reach a usefully low number, and that they would therefore like to see some attempt at proving that it is possible (or at least plausible) that we can get there at all before we start removing things.

Yup, exactly. Again, this is *not* a situation where incremental progress is worthwhile; getting halfway to the goal has zero benefit. It needs to be shown that we can actually plausibly reach the goal before we start breaking things to move toward it.

> What do we count as "breaking the web"? How severely do we need to inconvenience people before it counts as breaking the web? How many people need to be impacted? What if it is a small absolute number that represents a high percentage of a particular demographic?

Yup, and this is an important part of the analysis as well. Killing fingerprinting will bring benefits, but limiting a bunch of APIs will bring harms. Need to make sure the balance is worthwhile, but at the moment we have no idea what the set of harms we'll be looking at even are.

GitHub Notification of comment by tabatkins

Received on Tuesday, 1 October 2019 01:32:23 UTC