Record Mozilla's position from #7.

[jyasskin]

@bholley, is your comment in https://github.com/w3cping/font-anti-fingerprinting/issues/7#issuecomment-598424965 Mozilla's position?

[bholley]

I think so, unless @annevk has other thoughts.

Is there any reason the proposal for web font caching needs to be coupled with the proposal for restricting system fonts? I think the latter is something we're likely supportive of, and thus would prefer to send disjoint signals on those two things.

[bholley]

also CC @TanviHacks and @martinthomson

[jyasskin]

Unfortunately, the CSSWG is concerned about the impact on minority linguistic communities if we just block system fonts without some other way to let those users cache the fonts. I think #6 (let users "install" fonts to the web) doesn't solve your concern either, because it's unfair to expect users to know that they're picking a font they don't want an attacker to know about.

It is totally reasonable for some browsers to pre-cache all the "common" fonts if they're worried about the privacy impact of caching them on demand, in case that would help your concern.

[astearns]

@bholley the CSSWG is definitely concerned about minority linguistic communities, but I don't think there's consensus that caching webfonts is the right fix for that issue. So to my mind separating the web font caching proposal from restricting local font access (with a different fix to avoid breaking minority linguistic content) is reasonable.

[martinthomson]

I would prefer it if this were taken to https://github.com/mozilla/standards-positions first.

I agree with Bobby (and Anne) here and the comments they have made are likely to stick. However, we do have a process that we're trying to use consistently and I don't want to set a precedent that a comment on a GitHub issue is taken for our formal position.

[jyasskin]

'k, thanks. I'm going to update the proposal tomorrow with a possible compromise, and then I'll poke mozilla/standards-positions.