- From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
- Date: Thu, 13 Feb 2025 09:06:10 +0000
- To: public-css-archive@w3.org
> Thank you [@noamr](https://github.com/noamr) for the novel suggestion! A couple of thoughts, questions, and reactions: > > > Every local font has to have an equivalent web-font URL > > I think requiring these kinds of annotations are at root a useful direction for the problem. You'll still need some kind of trusted list to make sure the font the URL points to matches the font thats on the disk though (otherwise i can still learn if the visitor / client has font X installed by i. precomputing the width of some text when rendered in X, ii. pointing the annotation-URL to some very very different looking font, and waiting a while and seeing if the rendered text looks more like X, or my fake, very-different-sized X). But, maintaining such a list seems very doable, and i think a useful direction for the group to dig in! For fingerprinting detection, you'd be making users download a large amount of fake fonts. They'd have to be big to effectively race with a delayed loading of a local font. > > > "Agreed, but those uncommon fonts are also less likely to be useful for fingerprinting at scale. > > I understand this intuition, but in practice, unfortunately this is not a safe assumption (and part of what makes fingerprinting such a difficult problem in general). Fingerprinting bits that are rare are in someways less worrying (since they're less likely to occur), but in other ways they're far more worrying (since when they do occur, or are found by the attacker, they're highly identifying). In general, you need to protect against common and uncommon fingerprinting inputs alike The intuition is not to leave these less-common fonts behind, but that a problem at this scale might require several solutions that cover different aspects it, rather than a single silver bullet. If we find a way to protect users of the more common fonts, and at the same time also make it much more difficult to detect users of the less common fonts (by making those requests async, and delay them if the font is not painted in a visible place), we can compartmentalise this problem further and perhaps make room for an additional solution in the future for the remaining aspects. -- GitHub Notification of comment by noamr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/11648#issuecomment-2655953858 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 13 February 2025 09:06:11 UTC