Safari has blocked web content from using local user-installed fonts
since 2018 (Safari 12 on macOS 10.14), so the webcompat risk /seems
/like it should be low in 2023. OTOH, this 2021 article points to tweets
and Stack Overflow posts from web developers frustrated by Safari's
behavior.
https://dev.to/masakudamatsu/don-t-locally-host-google-fonts-for-the-sake-of-safari-bkg
https://gizmodo.com/apple-declares-war-on-browser-fingerprinting-the-sneak-1826549108
On 9/12/2023 8:46 AM, Tim Huang wrote:
AFAICT, we don't have telemetry current for this purpose. We tested
top sites and top designer sites to see if font visibility restriction
causes breakage. So far, we haven't seen any breakages on the sites we
tested.
On Tue, Sep 5, 2023 at 8:49 PM Chris Peterson <[email protected]>
wrote:
Do we have any telemetry (like use counters) to measure when a
site uses a non-system or non-langpack font? Do we know of any
sites that use non-system or non-langpack fonts? I imagine a
common case (besides fingerprinting) would be sites using
Helvetica, not realizing it's not a default Windows font.
I've been dogfooding the various incarnations of these font
visibility prefs ("layout.css.font-visibility.level",
"layout.css.font-visibility.standard",
"layout.css.font-visibility", and
"privacy.fingerprintingProtection") to only show base system fonts
on Windows since 2020 (bug 1634677) and haven't noticed any
obvious site breakage. (Caveat: I've only tested English language
sites.)
On 8/30/2023 3:03 AM, Tim Huang wrote:
Yes, the font visibility restriction will apply to people who
don't have `privacy.fingerprintingProtection` flipped. However,
the behavior only affects private browsing windows. It won't
apply to the normal browsing windows.
We have tested the top tier sites and top designer sites. So far,
we haven't found any font-related issues on those sites. So, we
believe the protection won't affect the browsing experience of
daily usage to average users.
On Tue, Aug 29, 2023 at 7:53 PM Gijs Kruitbosch
<[email protected]> wrote:
Does this apply even for people who have not flipped
`privacy.fingerprintingProtection`? And do we have a sense of
how many websites would be affected in terms of actually
displaying differently as a result?
~ Gijs
On 28/08/2023 10:06, Tim Huang wrote:
We intend to enable font visibility restrictions in private
browsing windows from Fx118. To reduce entropy exposed by
fonts, we restrict the visibility of fonts to websites. The
protection prevents websites from accessing all non-system
and non-langpack fonts.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1849903
Standard: n/a
Platform coverage:
It apply on all desktop platforms, including Windows, Mac,
and Linux. We won't cover Android momentarily, but we are
working on it.
Preference:
The font visibility restrictions in PBM is behind the pref
"privacy.fingerprintingProtection.pbmode". We will set this
pref to true to enable this protection in private browsing
windows. For normal windows, there is another pref called
"privacy.fingerprintingProtection" to control the behavior.
This feature was previously discussed in this "Intent to
prototype" thread:
https://groups.google.com/a/mozilla.org/g/dev-platform/c/tKOOrYXDoHA/m/X4mj4nc-AgAJ
More information can be found there.
--
Tim Huang
Mozilla
email:[email protected]
--
You received this message because you are subscribed to the
Google Groups "[email protected]"
<mailto:[email protected]> group.
To unsubscribe from this group and stop receiving emails
from it, send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7ML8wJ8RiokqTYKZNNFGYk9t7jwUv0EqTqco%3Dn6KOvDonA%40mail.gmail.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7ML8wJ8RiokqTYKZNNFGYk9t7jwUv0EqTqco%3Dn6KOvDonA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the
Google Groups "[email protected]"
<mailto:[email protected]> group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7MLOq6CSuyZcBnDnZ4TDOq1Eveo-Y88HYV0A08JE4MZr-A%40mail.gmail.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFjL7MLOq6CSuyZcBnDnZ4TDOq1Eveo-Y88HYV0A08JE4MZr-A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/1373e0e5-770f-40ab-b1b4-1fa29e9f8e2e%40mozilla.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/1373e0e5-770f-40ab-b1b4-1fa29e9f8e2e%40mozilla.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/db128f73-4435-4a51-8b5d-aa9a3d0a71b3%40mozilla.com.
