[csswg-drafts] CSS Fonts 4 needs a proper Security and Privacy Considerations section (#4697) from Tantek Çelik via GitHub on 2020-01-24 (public-css-archive@w3.org from January 2020)

From: Tantek Çelik via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Jan 2020 09:49:37 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-554637154-1579859376-sysbot+gh@w3.org>

tantek has just created a new issue for https://github.com/w3c/csswg-drafts:

== CSS Fonts 4 needs a proper Security and Privacy Considerations section ==
Currently the [CSS Fonts Level 4 Security and Privacy Considerations section](https://drafts.csswg.org/css-fonts/#priv-sec) has a single sentence:

&gt; “The system-ui keyword exposes the operating system’s default system UI font to fingerprinting mechanisms.”

This is insufficient. The Security and Privacy Considerations section needs to at a minimum include:

  * Answers to the Security and Privacy Questionnaire from the W3C TAG: [https://www.w3.org/TR/security-privacy-questionnaire/](https://www.w3.org/TR/security-privacy-questionnaire/)
  * Explicitly note the fingerprinting dangers as being discussed in [#4497](https://github.com/w3c/csswg-drafts/issues/4497)



Labels: css-fonts, css-fonts-4

(Originally published at: https://tantek.com/2020/024/b1/css-fonts-needs-security-privacy)

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4697 using your GitHub account

Received on Friday, 24 January 2020 09:49:39 UTC