- From: Chris Lilley <chris@w3.org>
- Date: Fri, 18 Apr 2025 16:09:08 -0400
- To: www-international@w3.org
- Message-ID: <af064d6b-c63f-4b33-8965-07d3e1babb09@w3.org>
On 2025-04-17 23:04, Fuqiao Xue minuted: > r12a: First remark should be that they haven't read the Safari > discussion. > … And they don't seem to acknowledge the issues that > system-font-only creates and they don't talk about the proposed > solutions, such as opt-in and local document use. They do talk about proposed solutions: > Allow users to grant access to all locally-installed fonts to specific origins using the Local Font Access API <https://developer.chrome.com/docs/capabilities/web-apis/local-fonts>> https://github.com/explainers-by-googlers/limiting-local-fonts-access?tab=readme-ov-file From the explainer for Local Font Access API: > https://developer.chrome.com/docs/capabilities/web-apis/local-fonts#why_do_we_need_the_local_font_access_api_when_there_are_web_fonts However, the access granted by that API is very broad and detailed, and is a fine-grained fingerprinting vector as it - exposes specific font internals such as version numbers. - exposes a complete list of all installed fonts The TAG design review(s) were closed for lack of response to TAG comments https://github.com/w3ctag/design-reviews/issues/399 https://github.com/w3ctag/design-reviews/issues/400 See in particular: https://github.com/w3ctag/design-reviews/issues/400#issuecomment-1215333348 https://developer.chrome.com/docs/capabilities/web-apis/local-fonts#why_do_we_need_the_local_font_access_api_when_there_are_web_fonts https://developer.chrome.com/docs/capabilities/web-apis/local-fonts#why_do_we_need_the_local_font_access_api_when_there_are_web_fonts https://developer.chrome.com/docs/capabilities/web-apis/local-fonts#why_do_we_need_the_local_font_access_api_when_there_are_web_fonts -- Chris Lilley @svgeesus@mastodon.scot Technical Director @ W3C W3C Technical Programming Team, Core Web Design
Received on Friday, 18 April 2025 20:09:11 UTC