Web Fonts used to spam

Dave Crossland

https://securityboulevard.com/2019/01/rogue-ios-apps-sent-data-to-malicious-server/

Johannes Neumeier

As simple as it is clever, got to admire the ingenuity. On a related note I once mused about something like this for foundry webfont testers; exposing the entire font, but with a mangled letter mapping, so when decompressing the WOFF a potential exploiter would have another hurdle.