Re: [csswg-drafts] [css-fonts] limit local fonts to those selected by users in browser settings (or other browser chrome) (#4497)

The current proposals start by determining a set of "safe" fonts that doesn't leak additional information beyond what can be already found elsewhere (OS, language, etc.).

For fonts that are installed but outside of that "safe" set, I think that @r12a's idea (mentioned in #5421) might be on the right track: the browser could prompt the user to enable those local fonts for the current domain or for all pages going forward.

This UI flow could be similar to the ones already used when a page requests additional permissions, and would include a preview of the requested font. This would provide the user with the necessary context to evaluate whether the request is reasonable.

From the point of view of the Web developer, the initial effect would be as if the font is unavailable. The font might become available at some indeterminate point in the future, triggering a style and layout update, but until that happens there would be no way of knowing whether the font is not installed or its use has been declined by the user.

Font fingerprinting scripts typically create a bunch of nodes with different `font-family` values, add them to the page via `appendChild()` (which triggers style+layout recalculation), and measure the resulting sizes. Introducing an unpredictable delay would prevent these scripts from detecting fonts beyond those in the "safe" set and those that have been explicitly accepted for the current page.

Of course, newer fingerprinting scripts could wait for a while before testing the presence of a font. However, the UI would still reflect that this fingerprinting effort is taking place. Whereas benevolent pages would trigger a message of _"this page wants to use fonts ABC and XYZ"_, for a malevolent one the message would become a more alarming _"this page wants to use 51 fonts"_.

The UI may even change when a page requests an unreasonable number of fonts, nudging the user towards declining the request.

As is the case with other permissions, there would be a section in the Preferences where the user could review and revoke the fonts that had been made available to particular domains or to all of them.

What do you think about this approach?

-- 
GitHub Notification of comment by felipeerias
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4497#issuecomment-763459971 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 20 January 2021 09:18:25 UTC
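
The permission flow proposed in the comment above, modelled as an added sketch; it is not part of the original message and not any browser's code. The safe set, the prompt threshold of 5, the class and all method names are assumptions made for illustration.

```javascript
// Added sketch of the per-origin font permission flow proposed above (not browser code).
// SAFE_FONTS, PROMPT_LIMIT and every name below are assumptions made for illustration.
const SAFE_FONTS = new Set(["Arial", "Times New Roman", "Courier New"]); // constructed
const PROMPT_LIMIT = 5; // assumed cut-off for an "unreasonable" number of fonts

class FontPermissionBroker {
  constructor(installedFonts) {
    this.installed = new Set(installedFonts); // constructed device font list
    this.grants = new Map();  // origin -> Set of fonts the user accepted
    this.pending = new Map(); // origin -> Set of fonts awaiting a decision
  }
  // What the page observes right now. "Not installed", "declined" and "not yet
  // decided" all look the same to the page: the font is simply unavailable.
  resolve(origin, family) {
    if (!this.installed.has(family)) return false;
    if (SAFE_FONTS.has(family) || this.grants.get(origin)?.has(family)) return true;
    if (!this.pending.has(origin)) this.pending.set(origin, new Set());
    this.pending.get(origin).add(family);
    return false;
  }
  // Text for the browser chrome; null when there is nothing to ask.
  promptFor(origin) {
    const fonts = [...(this.pending.get(origin) ?? [])];
    if (fonts.length === 0) return null;
    if (fonts.length > PROMPT_LIMIT) {
      return { alarming: true, text: `this page wants to use ${fonts.length} fonts` };
    }
    return { alarming: false, text: `this page wants to use fonts ${fonts.join(" and ")}` };
  }
  // User decision: accepting moves the pending fonts into the origin's grants.
  decide(origin, accepted) {
    const fonts = this.pending.get(origin) ?? new Set();
    if (accepted) {
      const granted = this.grants.get(origin) ?? new Set();
      fonts.forEach((f) => granted.add(f));
      this.grants.set(origin, granted);
    }
    this.pending.delete(origin);
  }
  // Preferences page: revoke one previously granted font for an origin.
  revoke(origin, family) {
    return this.grants.get(origin)?.delete(family) ?? false;
  }
}
```

Because `resolve` returns the same value for a missing font and an undecided one, the page learns nothing until the user acts, while the prompt text changes with the number of fonts requested.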