- From: Christine Runnegar <runnegar@isoc.org>
- Date: Tue, 2 Oct 2018 17:24:02 +0000
- To: "public-privacy@w3.org" <public-privacy@w3.org>
Hello everyone, Please note that PING will NOT be meeting this week, instead, we will be meeting on Thursday 11 October 2018 at the usual time. We will be joined by members of the Web Performance WG to discuss the privacy considerations of the Device Memory API. Link to draft spec: https://www.w3.org/TR/2018/WD-device-memory-1-20180925/ (First Public WD). The WG has already identified some privacy concerns related to fingerprinting and the Client-Hints opt-in model, and has changed the draft specification to address some of those concerns, namely: * Client-Hints' opt-in model was revised so that opt-ins only include the same-origin. An explicit cross-origin opt-in mechanism is still being defined. * The values exposed are now truncated to a single MSB bit (so values are rounded to the lower power of 2, significantly reducing the fingerprinting surface). * UAs are free to set the lower and upper bound of the value range, as to reduce the fingerprinting surface even further, while making sure that the use-cases are addressed. Agenda for the call 1. Privacy considerations of the Device Memory API 2. TPAC 3. Updating security and privacy questionnaire 4. AOB WebEx meeting https://www.w3.org/2018/08/ping-webex.html (W3 login will be needed to access Webex call details) Please also join us on IRC on the #privacy channel: Server: irc.w3.org Username: <your name> Port: 6667 or 6665 Channel: #privacy Calendar invite to follow. If you have any issues retrieving the Webex call details, please feel free to contact me off list. Christine
Received on Tuesday, 2 October 2018 17:24:30 UTC