[Webkit-unassigned] [Bug 177039] [FreeType] Font variations not working for some fonts declared with CSS @font-face

bugzilla-daemon at webkit.org
Thu Mar 2 11:25:13 PST 2023


--- Comment #12 from Commenter25 <c at commenter.cc> ---
(In reply to Michael Catanzaro from comment #11)
> Part of the problem is that arbitrary locally-installed fonts are visible to
> the web at all. There's little point in trying to protect users from other
> fingerprinting vectors if we don't fix such an obvious one. Only a few
> allowlisted fonts should be visible to WebKit. I wonder if we have a
> different bug report for that or not....

I have to agree; I see little value in exposing local fonts. The only possible benefit is potential bandwidth savings in the likely uncommon chance someone has your font installed. And the cost is one of the biggest fingerprinting vectors on the web.

Even if we ignore fingerprinting, it encourages inconsistent website designs. I have seen developers place very particular stylized fonts in a font-family without distributing that font themselves. This looks fine to the developer with this font on their system, but to most users who likely don't have that font, it will not appear as the author intended. Limiting local fonts would encourage developers to make a consistent experience for users by distributing the font directly, and making a fallback with a standardized font people are expected to have.

There is also the possibility of someone having a font installed with the same name that is not actually the same font. A likely example is using a variable font on your website, but someone only has static versions installed, so any variable features become broken. An extreme example would be someone happening to have a font installed with the same name, but it is something completely different, like a fancy cursive font or even an icon font rather than a simple sans-serif font.

There are already generally agreed-upon "web safe" fonts and system fonts that everyone likely has. Perhaps setting a standard for people to only use these fonts would be for the better. This is just my take, of course; this seems like a big decision with many nuances that should be discussed elsewhere. In particular, which specific fonts to allow is something to carefully consider.
