> *I just have this suspicion that sooner than later they will be used as a vect... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		inetknght on May 29, 2020 \| parent \| context \| favorite \| on: The Fastest Google Fonts > I just have this suspicion that sooner than later they will be used as a vector for some kind of security issue. You mean like being rendered into a canvas to get a high-entropy fingerprint of your device?

abjKT26nO8 on May 29, 2020 | [–]

TrueType implementations need to include an interpreter for a Turing-complete language (the hinting language). More about vulnerabilities:

1. https://security.stackexchange.com/questions/91347/how-can-a...

2. https://threatpost.com/of-truetype-font-vulnerabilities-and-...

3. https://googleprojectzero.blogspot.com/2015/07/one-font-vuln...

skrebbel on May 29, 2020 | [–]

How do downloadable web fonts help with that?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact