Merge pull request #1203 from /issues/1202-font-matching-fingerprinting

Add consideration for font fingerprinting.
w3c · Jun 11, 2020 · 14db231 · 14db231
2 parents a7efeed + bd9fae2
commit 14db231
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/spec/ttml2.xml b/spec/ttml2.xml
@@ -26343,6 +26343,11 @@ W3C Recommendation, 11 May 2010.
 W3C Recommendation 8 June 2017. 
 (See <xspecref href="https://www.w3.org/TR/xslt-30/">https://www.w3.org/TR/xslt-30/</xspecref>.)
 </bibl>
+<bibl id="finger" key="FINGER">Nick Doty, Ed., <titleref
+href="https://www.w3.org/TR/2019/NOTE-fingerprinting-guidance-20190328/">Mitigating Browser Fingerprinting in Web Specifications</titleref>,
+W3C Interest Group Note, 28 March 2019. (See
+<xspecref href="https://www.w3.org/TR/2019/NOTE-fingerprinting-guidance-20190328/">https://www.w3.org/TR/2019/NOTE-fingerprinting-guidance-20190328/</xspecref>.)
+</bibl>
 </blist>
 </inform-div1>
 <inform-div1 id="requirements">
@@ -29432,6 +29437,18 @@ information about the user. However, the offering of a <loc href="#terms-timed-t
 and the choice whether to retrieve and process it are characteristics of the application that makes the offer (e.g. a web
 application based on <bibref ref="html"/>), rather than of the Document Instance itself.</p>
 </div2>
+<div2>
+<head>Font Detection</head>
+<p>By conditionally dereferencing (downloading) <loc href="#terms-font-resource">font resources</loc> based on the existence of
+locally-installed <loc href="#terms-font-resource">font resources</loc>, a <loc href="#terms-content-processor">content processor</loc>
+introduces a potential fingerprinting vulnerability as defined in <bibref ref="finger"/>. Existence and mitigation of such vulnerability depends on the 
+<loc href="#terms-content-processor">content processor</loc> implementation and overall system architecture.</p>
+
+<note role="example">
+<p>As an example, a mitigation strategy can involve ignoring user-installed <loc href="#terms-font-resource">font resources</loc>
+when choosing whether to dereference (download) <loc href="#terms-font-resource">font resources</loc>.</p>
+</note>
+</div2>
 </inform-div1>
 <inform-div1 id="hdr-compositing">
 <head>High Dynamic Range Compositing</head>