This repository has been archived by the owner on Jun 8, 2018. It is now read-only.

Web Font Loading implication for WOFF elements? #32

Closed
rmenessec opened this issue Feb 2, 2016 · 1 comment

@rmenessec

AMO mentions that Web Font Loader is covered by Decentraleyes, but the FAQ doesn't make clear whether I can or should start carving out exceptions in uBO for Fanboy's anti-font list. Can you clear this up?

Also, although I understand that Decentraleyes is intercepting the WFL code itself, am I correct in believing that continuing to allow remote fonts to load still poses its own metadata leakage risk?

If so, should I look into implementing a low-impact proxy for media elements for mitigation? I can't think of another way to handle leakage via media elements, short of asking for massive scope creep in Decentraleyes—which I'm not and won't. 😁

PS: I _love_ the idea of this extension. Thanks so much!

@Synzvato
Owner

Synzvato commented Feb 6, 2016

What's important to note here is that Web Font Loader is a tool that provides a common interface to loading fonts regardless of the source. It comes bundled with Decentraleyes, since it's fairly popular and is often served from Content Delivery Networks. No actual fonts are included, though.

This means that if you decide to block large font delivery networks (using a regular content blocker), the Web Font Loader library will still be useful for websites that use it to fetch self-hosted fonts.

So, you were pretty much spot-on here. Loading fonts from a central remote source will still expose you to the risks you mentioned in your question. In the future, highly popular fonts and CSS libraries (e.g. Font Awesome and Twitter Bootstrap) might be added, but this is not set in stone.

I'm very happy to hear you like the concept, and you're very welcome!
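Added example (JavaScript, not code from Decentraleyes or from either poster) modelling the distinction drawn in the reply above: a CDN-substitution extension can answer the request for the Web Font Loader script locally, but the font stylesheets and WOFF files the page then asks for still go to whatever host the page names, so a third-party font host still sees the request metadata. The substitute host/path list, the Google Fonts endpoint mapping, and the sample request log are assumptions constructed for the example, not the extension's real mapping table or a captured page load.

```javascript
// Added example, not part of Decentraleyes or of this issue thread.
// Models which requests a local-resource substitution covers (the loader
// script only) and which font requests still leave the browser.

// Loader-script locations assumed to be served locally. Hosts and path
// prefixes here are illustrative, not the extension's actual mapping table.
const LOCAL_SUBSTITUTES = [
  { host: "ajax.googleapis.com", pathPrefix: "/ajax/libs/webfont/" },
  { host: "cdnjs.cloudflare.com", pathPrefix: "/ajax/libs/webfont/" },
];

const FONT_EXTENSIONS = [".woff", ".woff2", ".ttf", ".otf", ".eot"];

// Origins a WebFont.load()-style config makes the browser contact. The
// loader is source-agnostic: the `google` module points at Google's CSS
// endpoint, while `custom.urls` can point at self-hosted stylesheets.
function originsForWebFontConfig(config) {
  const origins = new Set();
  if (config.google) origins.add("https://fonts.googleapis.com");
  for (const u of (config.custom && config.custom.urls) || []) {
    origins.add(new URL(u).origin);
  }
  return [...origins].sort();
}

// A request is "font traffic" if it fetches a font file or font CSS.
function isFontUrl(url) {
  const path = url.pathname.toLowerCase();
  return FONT_EXTENSIONS.some((ext) => path.endsWith(ext)) ||
    url.hostname === "fonts.googleapis.com";
}

// Classify one request relative to the page origin.
function classifyRequest(pageOrigin, requestUrl) {
  const url = new URL(requestUrl);
  const substituted = LOCAL_SUBSTITUTES.some(
    (s) => s.host === url.hostname && url.pathname.startsWith(s.pathPrefix)
  );
  if (substituted) return "served-locally";
  if (url.origin === pageOrigin) return "first-party";
  return isFontUrl(url) ? "third-party-font" : "third-party-other";
}

// Summarise a page load: what never leaves the browser, and which remote
// hosts still learn that this client visited the page.
function summarizeLoad(pageUrl, requestUrls) {
  const pageOrigin = new URL(pageUrl).origin;
  const summary = {
    "served-locally": [],
    "first-party": [],
    "third-party-font": [],
    "third-party-other": [],
  };
  for (const r of requestUrls) summary[classifyRequest(pageOrigin, r)].push(r);
  const remote = [...summary["third-party-font"], ...summary["third-party-other"]];
  const leakingHosts = [...new Set(remote.map((r) => new URL(r).hostname))].sort();
  return { ...summary, leakingHosts };
}

// Constructed sample: a page that loads the loader from a CDN, then Google
// Fonts CSS, one Google-hosted WOFF2 (placeholder path) and one self-hosted WOFF2.
const SAMPLE_PAGE = "https://example.org/article";
const SAMPLE_REQUESTS = [
  "https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js",
  "https://fonts.googleapis.com/css?family=Open+Sans",
  "https://fonts.gstatic.com/s/opensans/v1/placeholder.woff2",
  "https://example.org/fonts/brand.woff2",
];

console.log(JSON.stringify(summarizeLoad(SAMPLE_PAGE, SAMPLE_REQUESTS), null, 2));
```

Run with `node`; the summary lists the loader script as served locally, the self-hosted WOFF2 as first-party, and the two Google Fonts hosts as the ones that still receive the request. Blocking those hosts with a content blocker (as the reply suggests) empties `leakingHosts` without affecting pages that use the loader for self-hosted fonts.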
