Hosted web fonts, CDN's, @font-face, and privacy

Question

If you use hosted fonts on a CDN, with @font-face, or with a service like Typekit, is it possible for the host to read all the characters that are being rendered by the font in your pages (and therefore read the content of your pages)?

If so, this seems that it would be a significant privacy issue.

Any expertise or recommended reading on this topic?

Answer 1

Web fonts are stored as monolithic files (WOFF, OTF, EOT or SVG) which must be fetched by the browser in their entirety to display any character in them. So it's not possible to detect usage of single characters.

There is a potential privacy leak in web font embedding but it's a more subtle than that, and very unlikely to be exploitable for anything.

It only occurs when you are using a web font as a fallback font, for example:

@font-face {
  font-family: "One";
  src: url(http://themes.googleusercontent.com/static/fonts/overlock/v2/Pr-80_x4SIOocpxz2VxC5fesZW2xOQ-xsNqO47m55DA.woff) format('woff');
}
@font-face {
  font-family: "Two";
  src: url(http://themes.googleusercontent.com/static/fonts/overlock/v2/EcjpF2hW5gSZ4M16YLdG84bN6UDyHWBl620a-IRfuBk.woff) format('woff');
}
p {
    font-family: "One", "Two", sans-serif;
}

In this example, if there were only Latin characters in the <p> element, the browser might choose to fetch only the WOFF file for the font "One". If there were other characters that were not present in the "One" font, the browser would have to fetch the second file as well, in order to look for a glyph for the character in "Two". So an external party would be able to know that one or more characters that were not present in "One" had been used on the page.

I wouldn't worry about it. It's IMO very unlikely you'd use an embedded fallback font (other than deliberately, in an attempt to optimise for the common characters and have an extended version of the same font where unusual characters have been used).

It doesn't happen on all browsers anyway. Chrome will do this; Firefox always fetches every embedded font included in a font-family list used by an element in the document.