[css-fonts][css-fonts-4] CSS Fonts 4 needs a proper Security and Privacy Considerations section #4697
Description
Currently the CSS Fonts Level 4 Security and Privacy Considerations section has a single sentence:
> “The system-ui keyword exposes the operating system’s default system UI font to fingerprinting mechanisms.”
This is insufficient. The Security and Privacy Considerations section needs to at a minimum include:
- Answers to the Security and Privacy Questionnaire from the W3C TAG: https://www.w3.org/TR/security-privacy-questionnaire/
- Explicitly note the fingerprinting dangers as being discussed in #4497
Labels: css-fonts, css-fonts-4
(Originally published at: https://tantek.com/2020/024/b1/css-fonts-needs-security-privacy)