Re: [csswg-drafts] [css-fonts][css-fonts-4] CSS Fonts 4 needs a proper Security and Privacy Considerations section (#4697) from Myles C. Maxfield via GitHub on 2020-02-19 (public-css-archive@w3.org from February 2020)

From: Myles C. Maxfield via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Feb 2020 01:29:15 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-587988875-1582075754-sysbot+gh@w3.org>

Oh, there's a well-documented attack where a site has a gazillion @font-face blocks, and each one has a `unicode-range` with a distinct character and a distinct remote `src` url. This means that the server hosting the font files can see which characters are used on a page.

-- 
GitHub Notification of comment by litherum
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4697#issuecomment-587988875 using your GitHub account

Received on Wednesday, 19 February 2020 01:29:17 UTC