- From: pes10k via GitHub <sysbot+gh@w3.org>
- Date: Wed, 12 Feb 2025 22:20:16 +0000
- To: public-css-archive@w3.org
here are some suggestions to the group, for addressing the privacy risk here without harming the i18n use cases (which I agree are critical). The details would matter here, and one of these alone might not be enough to address the problem in isolation, or they might have other issues im not anticipating that would prevent them from being useful privacy protections, but theres are directions I don't see being discussed and I hope might help.
- A permission model: Straw-wording, but something along the lines of:
```The webpage you're viewing is trying to access uncommon fonts, which can harm your privacy. If the page you're viewing is rendered oddly or there is missing important text, it may wish to allow the site to access these additional fonts:
[ ] block font access
[ ] allow for this page
[ ] allow for all pages.
```
You could even try framing the above differently, not even mentioning fonts, but just asking if the page looks rendered oddly.
- Only allowing font access if it would apply to a significant amount of rendered, visible page text, and put a non-trivial delay on changing the font applied to rendered text.
(I also think the list-based approach would be very effective, and im skeptical of the practicality issues that have been raised. I know this approach has been discussed elsewhere, but im just adding it here for completeness)
--
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/11571#issuecomment-2654967612 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 12 February 2025 22:20:17 UTC