Re: [csswg-drafts] [css-fonts-4] Detection-prevention approach to the local font privacy issue (#11648)

> For fingerprinting detection, you'd be making users download a large amount of fake fonts. They'd have to be big to effectively race with a delayed loading of a local font.

Unfortunately, I do not think this is a significant barrier to practical privacy attacks. Before cache partitioning was the norm, the web was rife with similar cache-probe attacks (to re-identify users across sites w/o using cookies/browser storage).

From looking at the fonts installed on my machine, i see fonts as small as 5k (I bet if your goal was to make a minimally-small font, you could get a valid font even smaller). The current version of fingerprint.js probes for [52 fonts](https://github.com/fingerprintjs/fingerprintjs/blob/master/src/sources/fonts.ts#L14), meaning fingerprint.js could continue their existing attack by just inducing a user to download a max of 260k.  Unfortunately, I expect many advertisers/sites/fingerprintjs-deployers would happily have a user download 260k to increase the chance of reidentifying a user

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/11648#issuecomment-2679695438 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 24 February 2025 21:31:05 UTC