Contact emails ta...@google.com, riz...@google.com
Explainer https://github.com/explainers-by-googlers/limiting-local-fonts-access?tab=readme-ov-file Specification None Summary Limits the fonts websites can use to only the default system fonts installed by the operating system. The unique set of locally installed fonts can be used for cross-site user tracking by measuring the side-effects of font rendering. By restricting user-installed font access, we aim to improve user privacy. Blink component Blink>Fonts Motivation Users have unique font collections on their devices, and this uniqueness can be exploited to track them across the web by analyzing font rendering. This undermines user privacy by allowing websites to re-identify individuals. To mitigate this privacy risk, a solution is needed to limit websites' access to a user's set of locally installed fonts. Recent CSS working group discussions have also brought up the idea of prescribing user agents to not expose user-installed fonts on the web as a privacy protecting measure. These measures mirror Safari's approach of limiting local font availability by restricting to fonts that are bundled with the operating system by default. Initial public proposal https://github.com/explainers-by-googlers/limiting-local-fonts-access TAG review None TAG review status Pending Risks Interoperability and Compatibility None Gecko: Shipped/Shipping (https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting#:~:text=Enable%20Fingerprinting%20Protection%3A%20To%20control,Known%20fingerprinters%20and%20Suspected%20fingerprinters) WebKit: Shipped/Shipping (https://webkit.org/tracking-prevention) Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Is this feature fully tested by web-platform-tests? No Flag name on about://flags None Finch feature name None Non-finch justification None Requires code in //chrome? False Estimated milestones DevTrial on desktop 138 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5185489285677056?gate=5188393555984384 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67edade5.170a0220.2d63e1.0a6e.GAE%40google.com.
