Draft language to address font fingerprinting mitigation (#1202). #1210
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
skynavga
requested review from
cconcolato,
andreastai,
palemieux and
nigelmegitt
nigelmegitt
approved these changes
Feb 3, 2021
There was a problem hiding this comment.
This looks good to me, though I have added one fairly minor grammatical nit. I think it matches where we got to in https://www.w3.org/2020/07/27-tt-minutes.html#t02 i.e. it is a helpful change, but we may need more later, after further consideration.
andreastai
reviewed
Feb 4, 2021
| <note role="example"> | ||
| <p>As an example, a mitigation strategy can involve ignoring user-installed <loc href="#terms-font-resource">font resources</loc> | ||
| when choosing whether to dereference (download) <loc href="#terms-font-resource">font resources</loc>.</p> | ||
| </note> | ||
| <p>Implementations of a <loc href="#terms-content-processor">content processor</loc> in the context of a <emph>general purpose browser</emph>, | ||
| as that term is used by <bibref ref="finger"/>, should consider not dereferencing external font resources conditionally in the presence |
There was a problem hiding this comment.
It would be better to say "...should not dereferencing external font resources...". The addition of "consider" weakens the strong recommendation.
|
The Timed Text Working Group just discussed
The full IRC log of that discussion<nigel_> Topic: Draft language to address font fingerprinting mitigation (#1202). #1210<nigel_> github: https://github.com//pull/1210 <nigel_> Nigel: I reviewed this (opened since July), and think it is an improvement and a step on the way but maybe not the end of the changes we need. <nigel_> Andreas: I added one comment to the pull request where the addition is to strongly recommend not to dereference external fonts. <nigel_> .. In the current pull request it says "should consider not dereferencing" <nigel_> .. I think the "consider" should be removed. <nigel_> .. The reasoning is that we had a long discussion with PING, who asked for more, they wanted it normative. <nigel_> .. It is now strong language in a non-normative section. <nigel_> .. I think we should not weaken it more, and it would be better to say "should not do it". <nigel_> Nigel: I think Glenn already indicated he would accept it, and I certainly would. <nigel_> Glenn: I don't like it but I could live with it. <nigel_> Nigel: I can't see Andreas's comment on the pull request, only my proposal. <nigel_> Andreas: I commented it but I maybe need to complete the review. <nigel_> Nigel: If we make that change then my change would not be needed. <nigel_> .. I would like to merge this - any requests for more time to review? <nigel_> group: [no requests for more time] <nigel_> Nigel: In that case when Andreas's change has been processed we should be good to merge. <nigel_> SUMMARY: Andreas's proposal to be applied |
|
Merge per request from @nigelmegitt in order to advance to new CR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1202.