[webkit-dev] Request for position: Local Font Access
Sam Sneddon
gsnedders at apple.com
Fri Apr 8 08:07:34 PDT 2022
On 7 Apr 2022, at 23:34, Joshua Bell via webkit-dev <webkit-dev at lists.webkit.org> wrote:
>
> This is a request for WebKit's position on introducing an API that allows sites to request access to local font data, for use with content authoring tools that use custom text stacks.
>
> Links:
> * Explainer: https://github.com/WICG/local-font-access/
> * Spec: https://wicg.github.io/local-font-access/
> * ChromeStatus: https://chromestatus.com/feature/6234451761692672
I’ll let others respond with regards to the font-data side, but from the font selection point of view:
The status quo for the Cocoa ports (macOS, iOS, etc.) is that only default-system fonts can be accessed from web content, and we’re concerned about undoing that change (it’s well documented that fonts have frequently been used as fingerprinting vectors). It is highly likely that any JS enumeration of fonts would be similarly limited to avoid increasing fingerprinting surface, if we were to implement such an API.
I believe we mentioned previously that we were strongly in favour of not allowing JS to enumerate fonts in any way, and would prefer to go in the path of a UA provided font selector.
This is touched on in the explainer: https://github.com/WICG/local-font-access#add-a-browseros-provided-font-chooser
> The proposed API exposes some more bits about the user via the web that could improve fingerprinting efforts. The bits are based on the presence or lack of presence of certain fonts in the enumeration-returned list.
>
> An alternative to the API that only exposes a single user-selected font was considered. This alternative enumeration API would trigger a browser/OS-provided font chooser and, from that chooser, the user would select a single font. This would reduce the bits exposed to help mitigate fingerprinting at the cost of significant new functionality.
>
> We've heard interest from partners in a full-fledged enumeration API to get access to the list of available fonts on the system, and haven't heard interest in a font-chooser approach to the enumeration API. However, we're keeping the alternative in mind as we balance the need for new functionality with privacy concerns.
We would be interested in hearing what your (Google’s? Chromium’s? Chrome’s?) partners have in way of use-cases that can only be fulfilled with the ability to enumerate fonts in JS, rather than have the UA mediate access to the fingerprinting-sensitive list.
/Sam
More information about the webkit-dev
mailing list