
Re: [csswg-drafts] [css-fonts] limit local fonts to those selected by users in browser settings (or other browser chrome) (#4497)

From: jfkthame via GitHub <sysbot+gh@w3.org>
Date: Mon, 02 Mar 2020 16:47:19 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-593499234-1583167638-sysbot+gh@w3.org>

One thing I have wondered is whether browsers could continue to allow locally-installed fonts to be used _for font fallback purposes_, even when they're not exposed as family names that `font-family` can match.

This would mean that if the user has installed a local font to support a Unicode block that the default OS fonts don't cover, content using those Unicode characters would remain readable rather than being rendered as blank boxes or whatever.

A site wanting to fingerprint users would presumably be able to tell that the user has _some_ font that supports the given Unicode block, by detecting a difference in metrics from what "tofu" rendering would give, but would not be able to directly test for specific font-family names.

ISTM this would increase the effort involved in font fingerprinting (it would now require researching the specific Unicode ranges that might be relevant, not just a list of thousands of potential fonts), while at the same time greatly reducing the amount of information that could be gleaned (only the presence of _a_ font for an otherwise-unsupported Unicode range, not a long list of general-purpose font names), which makes the whole area a much less attractive target for would-be trackers.

-- 
GitHub Notification of comment by jfkthame
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4497#issuecomment-593499234 using your GitHub account
Received on Monday, 2 March 2020 16:47:21 UTC
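
Added example, not part of the original message and not any browser's code: a simplified model of the font matching described in the message above, comparing what a name probe reveals when user-installed fonts are matchable by name and when they are used for fallback only. All font names, Unicode ranges and function names are constructed assumptions, and real fallback ordering is more involved than this.

```javascript
// Simplified model; every font name and range below is constructed for illustration.
const SYSTEM_FONTS = [{ family: "OS Sans", ranges: [[0x0000, 0x024f]] }];
const USER_FONTS = [
  { family: "Fancy Display", ranges: [[0x0000, 0x00ff]] },  // general-purpose local font
  { family: "Local Tifinagh", ranges: [[0x2d30, 0x2d7f]] }, // fills a block the OS lacks
];
const ALL_FONTS = [...SYSTEM_FONTS, ...USER_FONTS];

const covers = (font, cp) => font.ranges.some(([lo, hi]) => cp >= lo && cp <= hi);

// Pick the font that renders code point `cp` for a font-family list.
// exposeLocalNames=false models the idea in the message: user-installed fonts
// cannot be matched by name but still take part in per-character fallback.
function resolve(families, cp, exposeLocalNames) {
  const nameable = exposeLocalNames ? ALL_FONTS : SYSTEM_FONTS;
  for (const name of families) {
    const hit = nameable.find((f) => f.family === name && covers(f, cp));
    if (hit) return { via: "name", family: hit.family };
  }
  const fallback = ALL_FONTS.find((f) => covers(f, cp));
  return fallback
    ? { via: "fallback", family: fallback.family }
    : { via: "tofu", family: null };
}

// A page only sees rendered metrics, modelled here as "which font drew the glyph".
// A name probe leaks when it renders differently from a name no font can have.
function nameProbeLeaks(name, exposeLocalNames, cp = 0x41) {
  const probe = resolve([name], cp, exposeLocalNames).family;
  const control = resolve(["__no_such_font__"], cp, exposeLocalNames).family;
  return probe !== control;
}

// What remains observable: whether any font covers the code point at all.
function blockIsCovered(cp, exposeLocalNames) {
  return resolve([], cp, exposeLocalNames).via !== "tofu";
}

console.log({
  leakWithNamesExposed: nameProbeLeaks("Fancy Display", true),  // true
  leakFallbackOnly: nameProbeLeaks("Fancy Display", false),     // false
  tifinaghReadable: blockIsCovered(0x2d30, false),              // true
});
```

In this model the fallback-only policy leaves one observable bit per otherwise-unsupported Unicode block, while every family-name probe renders the same as a nonexistent name.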
