Re: PING call - reminder and agenda - 16 May 2019 UTC 16

From: Pete Snyder <psnyder@brave.com>
Date: Thu, 16 May 2019 15:17:18 -0700
Cc: Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <73840BC0-00C7-4B34-B45A-D82231B7D0F1@brave.com>
To: David Singer <singer@apple.com>

Hi David,

Just to fill you in on the discussion from the call, the decision is that I’d draft a blog post PING could share outlining proposed changes for privacy in standards, and then once that’s laid the ground, we could work on specific process changes.

TL;DR: nothing for the immediate future

Pete Snyder
{pes,psnyder}@brave.com
Brave Software
Privacy Researcher

> On May 15, 2019, at 6:38 PM, David Singer <singer@apple.com> wrote:
> 
> 
> 
>> On May 15, 2019, at 17:10 , Pete Snyder <psnyder@brave.com> wrote:
>> 
>> Hello folks,
>> 
>> I will be able to attend the call tomorrow (hurray!).
>> 
>> Also, I would like to add two items to the agenda, if time allows.
>> 
>> First, discussing and drafting process change suggestions that we (maybe David would be best?) could take to the process-setting committee.  These would be things like “standards must include normative privacy mitigations”, etc.  This came out of a conversation with Jeff J at Brave yesterday.
> 
> willing to think about it; but the process needs to be pretty specific. I’m not normally on the call, so loop me in to any resulting conversation?
> 
>> 
>> Second, I would appreciate time to discuss the “fix old standards to fix font-fingerprinting” issue that Jason and I volunteered for.
>> 
>> As a preview, my suggestion is to make the following change to the current “[CSS Fonts Module Level 3](https://drafts.csswg.org/css-fonts/)” text:
>> 
>> Amend step 7 of the font-matching algorithm described in section 5.2, from its current text:
>> 
>> ```
>> 	If there are no more font families to be evaluated and no matching face has been found,
>> 	then the user agent performs a system font fallback procedure to find the best match for
>> 	the character to be rendered. The result of this procedure may vary across user agents.
>> 
>> ```
>> 
>> To the following text (additions called out by **):
>> 
>> ```
>> 	If there are no more font families to be evaluated and no matching face has been found,
>> 	then the user agent performs a system font fallback procedure to find the best match for
>> 	the character to be rendered. The result of this procedure may vary across user agents
>> 	*but MUST only be selected from the font families listed in Appendix B*.
>> 
>> ```
>> 
>> And then add the following text as a new Appendix B:
>> 
>> ```
>> 	Appendix B. Valid System Fonts for the System Font Fallback Process
>> 	(List of fonts installed by default on recent OSX, recent Windows, and popular linux
>> 	distros.)
>> ```
>> 
>> The above wouldn’t solve all font fingerprinting (since, if an OSX user had installed, say, a common Windows font, that would still be identifying) but it would make things better than the present.  A more aggressive / ambitious version of this would specify sets of system fonts (by platform).  I’m ambivalent on if that is the best way to go, but would be interested in folks’ thoughts.
>> 
>> Finally, Jason pointed out that a similar change would need to be made to the WebGL standard, which defines its own font selection algorithm (canvas and SVG seem to fall back on CSS Fonts Module Level 3).
>> 
>> Christine, if there is time in the schedule for this, I’d appreciate if we could discuss.
>> 
>> Pete Snyder
>> {pes,psnyder}@brave.com
>> Brave Software
>> Privacy Researcher
>> 
>>> On May 14, 2019, at 10:39 AM, Pete Snyder <psnyder@brave.com> wrote:
>>> 
>>> I will be in attendance if possible.  Unfortunately this time overlaps with commitments at the WWW conference going on this week (including Thursday) but will be in attendance if at all possible.
>>> 
>>> Pete Snyder
>>> {pes,psnyder}@brave.com
>>> Brave Software
>>> Privacy Researcher
>>> 
>>>> On May 13, 2019, at 3:01 PM, Christine Runnegar <runnegar@isoc.org> wrote:
>>>> 
>>>> A friendly reminder that the monthly W3C Privacy Interest Group (PING) call is scheduled for this Thursday at the usual time - UTC 16.
>>>> 
>>>> On the agenda:
>>>> 
>>>> 1. Web of Things and privacy
>>>> 
>>>> Web of Things (WoT) Architecture
>>>> 
>>>> Current document link: https://w3c.github.io/wot-architecture/
>>>> Latest version link: https://www.w3.org/TR/wot-architecture/
>>>> 
>>>> Web of Things (WoT) Thing Description 
>>>> 
>>>> Current document link: https://w3c.github.io/wot-thing-description/
>>>> Latest version link: https://www.w3.org/TR/wot-thing-description/
>>>> 
>>>> 2.  Improving Web privacy - next steps
>>>> 
>>>> 3. AOB
>>>> 
>>>> Christine
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
Received on Thursday, 16 May 2019 22:17:43 UTC
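
An added illustration of the proposal quoted above (not part of the original thread, and not text from the CSS Fonts specification): a simplified model of the step 7 system font fallback, with and without the proposed allow-list, showing what a page could infer from which fallback font renders each probe character. The font profiles, the character coverage, and the contents of `APPENDIX_B` are constructed for the example; the thread does not specify the actual list.

```javascript
// Hypothetical allow-list standing in for the proposed "Appendix B".
const APPENDIX_B = new Set(["Helvetica", "Menlo", "Segoe UI", "DejaVu Sans"]);

// Simplified step 7: pick the first installed font that covers the character.
// With restrict=true, only families on the allow-list are candidates.
function systemFallback(ch, installed, restrict) {
  const hit = installed.find(
    (f) => f.covers.includes(ch) && (!restrict || APPENDIX_B.has(f.family))
  );
  return hit ? hit.family : "last-resort";
}

// What a page can observe: the fallback family chosen for each probe character.
function fallbackFingerprint(probeChars, installed, restrict) {
  return [...probeChars]
    .map((ch) => systemFallback(ch, installed, restrict))
    .join("|");
}

// Constructed profiles: a stock install, the same install plus a font that is
// not on the list, and the same install plus a font from another platform
// that is on the list.
const stock = [
  { family: "Helvetica", covers: "a\u00e9" },
  { family: "Menlo", covers: "a\u2192" },
];
const withCustomFont = [...stock, { family: "CorpBrand Sans", covers: "\u2603" }];
const withOtherPlatformFont = [...stock, { family: "Segoe UI", covers: "\u2603" }];

const PROBE = "\u00e9\u2192\u2603";

// True when the two profiles produce different observable fallback results.
function distinguishable(a, b, restrict) {
  return fallbackFingerprint(PROBE, a, restrict) !== fallbackFingerprint(PROBE, b, restrict);
}

console.log("unrestricted, custom font:", distinguishable(stock, withCustomFont, false));
console.log("restricted, custom font:", distinguishable(stock, withCustomFont, true));
console.log("restricted, other-platform font:", distinguishable(stock, withOtherPlatformFont, true));
```

The last case is the residual exposure the proposal acknowledges: a font on the allow-list that is not default for the user's platform remains identifying.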
