ds...@chromium.org, jsb...@chromium.org
https://github.com/WICG/local-font-access
https://wicg.github.io/local-font-access/
Blog: https://web.dev/local-fonts/
Gives web applications the ability to enumerate local fonts and some metadata about each. Today, no API exists to provide a list of local fonts to web applications.
Also gives web applications access to the font data as a binary blob, allowing those fonts to be rendered within their applications using custom text stacks.
https://github.com/w3ctag/design-reviews/issues/400
Pending
This API has been designed to support feature detection to allow applications to gracefully degrade based on the capabilities different user agents offer.
We expect developers using this API to design their web applications to use web-based fonts as the primary set of font choices, but allow users to opt-in to take advantage of their local fonts for specific design needs.
If this feature were removed from the platform, web applications would lose the ability to enumerate local fonts and retrieve font data but otherwise are expected to continue to function.
Gecko: https://github.com/mozilla/standards-positions/issues/401
WebKit: https://lists.webkit.org/pipermail/webkit-dev/2022-April/032176.html
Web developers: Strongly positive (https://crbug.com/535764#c2) Very positive support from web applications that interact with local fonts, such as Figma.
Adopted by: Boxy SVG
Other signals:
The feature builds both enumeration and data access into the same new API. Separation was considered but rejected. (See the Explainer for more details.) That may limit use.
Developers will be able to take advantage of this feature immediately since it uses the same available local fonts that other native applications have access to. The API makes it possible for web developers to implement a font picker (either UI-driven or algorithmic) and API usage will see more traction once popular UI libraries build font pickers on top of it.
Content for this API is available immediately since the API uses locally-installed fonts that are already present on the user's system. Usage of this API by an average web developer will require additional text shaping software that would render fonts based on data returned by this API. (eg. a Harfbuzz-in-WASM library)
The API is designed to support additional functionality in the future. Several such additions are under consideration:
Querying for a "system UI" font, for web applications that render text with their own text stack and need access to the full font data, but wish to match the local system appearance. This would be equivalent to the CSS "system-ui" generic font family.
Querying for only "low entropy" fonts, i.e. fonts that are part of the operating system base installation.
Querying font metadata in specific languages. Fonts often contain metadata with language tags, but OS APIs for enumerating fonts typically return only the metadata for the active language.
Providing additional metadata or events to notify web apps of changes to fonts, to refresh caches.
The API provides access to full font data in local fonts which can expose additional information about a user's installed configuration to a web application.
This new API is behind a permission prompt, making this an active fingerprinting target. See the TAG review's security and privacy questionnaire for more info: https://github.com/wicg/local-font-access/blob/master/security-privacy.md
Mitigations to existing passive fingerprinting vectors using local fonts (i.e. via CSS and Canvas) have been considered in non-Chromium-based browsers, and should be considered for Chrome as well, but are outside the scope of this I2S. In light of those existing vectors, we do not believe this new API contributes meaningfully to new fingerprintability, and we assert that future privacy enhancements should be applied equally across all font-based vectors.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
This API does not change the behavior of any other existing APIs.
No special considerations.
No
font-access
False
https://chromestatus.com/feature/6234451761692672
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/3MW3ngOsUOk/m/iE0Bvg-6AwAJ
This intent message was generated by Chrome Platform Status.
WebKit: https://lists.webkit.org/pipermail/webkit-dev/2022-April/032176.html
Web developers: Strongly positive (https://crbug.com/535764#c2) Very positive support from web applications that interact with local fonts, such as Figma.
Adopted by: Boxy SVG
Other signals:
Ergonomics
The feature builds both enumeration and data access into the same new API. Separation was considered but rejected. (See the Explainer for more details.) That may limit use.
Activation
Developers will be able to take advantage of this feature immediately since it uses the same available local fonts that other native applications have access to. The API makes it possible for web developers to implement a font picker (either UI-driven or algorithmic) and API usage will see more traction once popular UI libraries build font pickers on top of it.
Content for this API is available immediately since the API uses locally-installed fonts that are already present on the user's system. Usage of this API by an average web developer will require additional text shaping software that would render fonts based on data returned by this API. (eg. a Harfbuzz-in-WASM library)
The API is designed to support additional functionality in the future. Several such additions are under consideration:
Querying for a "system UI" font, for web applications that render text with their own text stack and need access to the full font data, but wish to match the local system appearance. This would be equivalent to the CSS "system-ui" generic font family.
Querying for only "low entropy" fonts, i.e. fonts that are part of the operating system base installation.
Querying font metadata in specific languages. Fonts often contain metadata with language tags, but OS APIs for enumerating fonts typically return only the metadata for the active language.
Providing additional metadata or events to notify web apps of changes to fonts, to refresh caches.
Security
The API provides access to full font data in local fonts which can expose additional information about a user's installed configuration to a web application.
This new API is behind a permission prompt, making this an active fingerprinting target. See the TAG review's security and privacy questionnaire for more info: https://github.com/wicg/local-font-access/blob/master/security-privacy.md
Mitigations to existing passive fingerprinting vectors using local fonts (i.e. via CSS and Canvas)
Also, any learnings/feedback from the Origin Trial?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f4786591-4aad-474f-9977-d2e2f796c659n%40chromium.org.