Re: Fonts, Privacy, and Not Breaking the Web from Nick Doty on 2024-10-04 (www-style@w3.org from October 2024)

From: Nick Doty <ndoty@cdt.org>
Date: Fri, 4 Oct 2024 12:11:10 -0400
To: Chris Lilley <chris@w3.org>
Cc: "public-i18n-core@w3.org" <public-i18n-core@w3.org>, public-privacy@w3.org, "www-style@w3.org" <www-style@w3.org>
Message-ID: <CA+tYtvHBRXgXjTNmLcP+JZ9v6F0BNO1GE86MhGr2dk3CSHwVhg@mail.gmail.com>

Thanks Chris for putting this document together to explain some of the
context and for helping to coordinate a productive lunch conversation at
TPAC.

Some additional links could be of interest; a few years ago when this item
was discussed, there were a couple of proposals put forward about hinting
or clustering fonts around particular locales or language preferences in an
effort to both protect against exposure (either browser fingerprinting or
revealing a user's interest in a minority language) and to provide access
to content that needs fonts for particular languages.

These documents haven't been recently updated, but may still be of
interest. And as I understand it, browsers have continued to extend privacy
protections along somewhat similar lines:
https://github.com/w3cping/font-anti-fingerprinting
https://github.com/w3cping/font-fp-protection-browser-hinting
Thanks Jeffrey and Pete for those explainers, and please feel free to chime
in with any more recent documentation or proposals.

My sense is that it generally should be possible to recommend that browsers
typically not reveal non-system fonts to web sites and also to recommend
that browsers accommodate users viewing sites that need an available but
non-system font. (We brainstormed options over lunch, but I expect that
could benefit from further discussion. And spec language could vary in how
it recommends that the browser accomplish those goals.) And there may be
additional mitigations for fingerprinting that are distinct from the
mitigations against revelation about a particular minority language font,
although some would mitigate both risks.

On Wed, Sep 25, 2024 at 9:00 PM Chris Lilley <chris@w3.org> wrote:

> I put together a document summarizing the background for the
> I18n-Privacy-TAG discussion on locally installed fonts:
>
> https://www.w3.org/2024/09/font-i18n-privacy.html
>
> --
> Chris Lilley
> @svgeesus
> Technical Director @ W3C
> W3C Strategy Team, Core Web Design
> W3C Architecture & Technology Team, Core Web & Media
>
>
>

Received on Friday, 4 October 2024 16:11:27 UTC