You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 8, 2018. It is now read-only.
AMO mentions that Web Font Loader is covered by Decentraleyes, but the FAQ doesn't make clear whether I can or should start carving out exceptions in uBO for Fanboy's anti-font list. Can you clear this up?
Also, although I understand that Decentraleyes is intercepting the WFL code itself, am I correct in believing that continuing to allow remote fonts to load still poses its own metadata leakage risk?
If so, should I look into implementing a low-impact proxy for media elements for mitigation? I can't think of another way to handle leakage via media elements, short of asking for massive scope creep in Decentraleyes—which I'm not and won't. 😁
PS: I _love_ the idea of this extension. Thanks so much!
The text was updated successfully, but these errors were encountered:
What's important to note here is that Web Font Loader is a tool that provides a common interface to loading fonts regardless of the source. It comes bundled with Decentraleyes, since it's fairly popular and is often served from Content Delivery Networks. No actual fonts are included, though.
This means that if you decide to block large font delivery networks (using a regular content blocker), the Web Font Loader library will still be useful for websites that use it to fetch self-hosted fonts.
So, you were pretty much spot-on here. Loading fonts from a central remote source will still expose you to the risks you mentioned in your question. In the future, highly popular fonts and CSS libraries (e.g. Font Awesome and Twitter Bootstrap) might be added, but this is not set in stone.
I'm very happy to hear you like the concept, and you're very welcome!
AMO mentions that Web Font Loader is covered by Decentraleyes, but the FAQ doesn't make clear whether I can or should start carving out exceptions in uBO for Fanboy's anti-font list. Can you clear this up?
Also, although I understand that Decentraleyes is intercepting the WFL code itself, am I correct in believing that continuing to allow remote fonts to load still poses its own metadata leakage risk?
If so, should I look into implementing a low-impact proxy for media elements for mitigation? I can't think of another way to handle leakage via media elements, short of asking for massive scope creep in Decentraleyes—which I'm not and won't. 😁
PS: I _love_ the idea of this extension. Thanks so much!
The text was updated successfully, but these errors were encountered: