Re: [csswg-drafts] [css-fonts] limit local fonts to those selected by users in browser settings (or other browser chrome) (#4497)

If I understand things correctly this proposal (1) prevents finger printing for users that go with default browser settings which would only provide access to default system fonts and (2) provides a way for users to give access to additional locally installed fonts they might need for their use cases inside the browser. When going for (2), users consciously drop the safety provided by (1) and become exposed to fingerprinting.

Given the fact that most of the protection provided by the default browser settings are lost when  users decide to give access to additional fonts, I was wondering if that couldn't be achieved through a mechanism that is less tedious for users than manually picking the fonts they might be needing in the browser. For example, what if local font access could be granted per application (domain) and applications could explicitly require that permission through a builtin browser dialog. The dialog would explain to the users the risk they are exposing to. IMHO, the fact that users grant access to local fonts only to the applications they trust, brings more safety than adding access to a subset of fonts which any application can access.

-- 
GitHub Notification of comment by FlorinDumitrescu
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4497#issuecomment-575766644 using your GitHub account

Received on Friday, 17 January 2020 19:39:16 UTC