- From: jfkthame via GitHub <sysbot+gh@w3.org>
- Date: Mon, 02 Mar 2020 16:47:19 +0000
- To: public-css-archive@w3.org
One thing I have wondered is whether browsers could continue to allow locally-installed fonts to be used _for font fallback purposes_, even when they're not exposed as family names that `font-family` can match. This would mean that if the user has installed a local font to support a Unicode block that the default OS fonts don't cover, content using those Unicode characters would remain readable rather than being rendered as blank boxes or whatever. A site wanting to fingerprint users would presumably be able to tell that the user has _some_ font that supports the given Unicode block, by detecting a difference in metrics from what "tofu" rendering would give, but would not be able to directly test for specific font-family names. ISTM this would increase the effort involved in font fingerprinting (it would now require researching the specific Unicode ranges that might be relevant, not just a list of thousands of potential fonts), while at the same time greatly reducing the amount of information that could be gleaned (only the presence of _a_ font for an otherwise-unsupported Unicode range, not a long list of general-purpose font names), which makes the whole area a much less attractive target for would-be trackers. -- GitHub Notification of comment by jfkthame Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4497#issuecomment-593499234 using your GitHub account
Received on Monday, 2 March 2020 16:47:21 UTC