- From: Lea Verou via GitHub <sysbot+gh@w3.org>
- Date: Thu, 30 Jan 2025 07:29:51 +0000
- To: public-css-archive@w3.org
> I'm not sure that's a very strong counter-argument, because of the possibility that "the user's locale" (as far as the site can determine it) will still be a major-language/region locale, not one that reflects their interest in a particular language. Identifying which minority-language fonts I have installed would provide much more fingerprinting entropy than simply knowing my locale. I was referring to the HTTP headers too, updated the OP to make that more clear. > I think it might be possible using `<canvas>`. Call `CanvasRenderingContext2D.font = '<long-list-of-fonts>'`, draw a distinguishing glyph, then use `getImageData()` to read back the result and compare to known renders. Once the applied font has been identified, trim the front of the list up to and including that font, then repeat to find the next installed font. Ooh, that's a good point. Although most fingerprinting is about the fonts you _have_, and you'd eventually hit the limit. I updated the OP with a concept of "contexts that can obtain access" vs "contexts that can only _use_ (already obtained) local fonts, perhaps that could be a solution. Or just a larger limit, and having misses count too, but it's unclear to me if a limit that's 3-4x larger offers better privacy protection. -- GitHub Notification of comment by LeaVerou Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/11571#issuecomment-2623741221 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 30 January 2025 07:29:52 UTC