w3c · skynavga · Feb 17, 2021 · Jul 28, 2020 · andreastai · Feb 3, 2021
diff --git a/spec/ttml2.xml b/spec/ttml2.xml
@@ -29522,10 +29522,10 @@ any controls designed to allow or restrict access to such resources are also out
 <p>If the fetching of such resources is prevented by the <loc href="#terms-content-processor">content processor</loc>,
 then the entire document or portions of the document may not be processed as intended, and, therefore, some or all of a document&apos;s
 content may not be available for presentation processing.</p>
-<p>A user agent that downloads external resources during media playback indicates to the origin server of the resource the progress of the user&apos;s 
+<p>A <loc href="#terms-content-processor">content processor</loc> that downloads external resources during media playback indicates to the origin server of the resource the progress of the user&apos;s 
   media consumption. In many cases such media progress information is available to the origin server of the media via other mechanisms, for example 
   by scripting or by monitoring streaming media requests.</p>
-<p>User agents that do not enforce cross origin policies when downloading external resources expose such media progress information and potentially 
+<p><loc href="#terms-content-processor">Content processors</loc> that do not enforce cross origin policies when downloading external resources expose such media progress information and potentially 
   other user tracking information to other origins without the consent of the web site serving the media and without the consent of the user. This 
   specification defines no APIs and makes no statement on how implementations are expected to obtain referenced resources.</p>
 </div2>
@@ -29562,7 +29562,7 @@ Furthermore, the semantics of link activation, if supported, is similarly outsid
 </div2>
 <div2>
 <head>Privacy of Preference</head>
-<p>A user agent that selects and causes to download or interpret a
+<p>A <loc href="#terms-content-processor">content processor</loc> that selects and causes to download or interpret a
 <loc href="#terms-timed-text-document-instance">timed text document instance</loc> might indicate to the origin server that the user
 has a need for captions or subtitles, and, therefore, may indicate the language preference of the user for fetching captions or subtitles.
 This language preference constitutes 
@@ -29576,11 +29576,13 @@ application based on <bibref ref="html"/>), rather than of the Document Instance
 locally-installed <loc href="#terms-font-resource">font resources</loc>, a <loc href="#terms-content-processor">content processor</loc>
 introduces a potential fingerprinting vulnerability as defined in <bibref ref="finger"/>. Existence and mitigation of such vulnerability depends on the 
 <loc href="#terms-content-processor">content processor</loc> implementation and overall system architecture.</p>
-
 <note role="example">
 <p>As an example, a mitigation strategy can involve ignoring user-installed <loc href="#terms-font-resource">font resources</loc>
 when choosing whether to dereference (download) <loc href="#terms-font-resource">font resources</loc>.</p>
 </note>
+<p>Implementations of a <loc href="#terms-content-processor">content processor</loc> in the context of a <emph>general purpose browser</emph>,
+as that term is used by <bibref ref="finger"/>, should consider not dereferencing external font resources conditionally in the presence
+of user-installed fonts where that dereferencing could reveal information about the user&apos;s system or fingerprint the user.</p>
 </div2>
 </inform-div1>
 <inform-div1 id="hdr-compositing">