Re: [Page Visibility] Spec -- privacy concern from Arvind Jain on 2011-05-14 (public-web-perf@w3.org from May 2011)

From: Arvind Jain <arvind@google.com>
Date: Fri, 13 May 2011 17:59:16 -0700
To: Kyle Simpson <getify@gmail.com>
Cc: Sreeram Ramachandran <sreeram@google.com>, public-web-perf@w3.org
Message-ID: <BANLkTinrOvT0eoq5zc46VLy1=XSbAkqytw@mail.gmail.com>

Yes there is additional information being exposed (the case where a window
loses focus but is still visible). But it seems like a minor addition to the
existing information available via onfocus/onblur/onload/onunload.

Limiting it to same domain would render the API ineffective. One of the
goals was for Analytics software to track time spent on a page with higher
fidelity, which would not get served. Another goal was for advertisers to
know whether their ad was ever shown (or to not play an ads video when the
window is not visible). These are both third party content examples.

Arvind

On Fri, May 13, 2011 at 5:44 PM, Kyle Simpson <getify@gmail.com> wrote:

> I'm not entirely certain the answer to your question... but I'd submit that
> if such functionality exists and is truly reliable and represents the same
> visible/hidden states we're discussion, then on principle why are we
> creating a new event/state property for something that already exists?
>
> If they aren't the same thing, then `blur`/etc must necessarily be a subset
> of the proposed new functionality, so it by definition introduces new
> potential privacy leaks.
>
> --Kyle
>
>
>
>
> --------------------------------------------------
> From: "Sreeram Ramachandran" <sreeram@google.com>
> Sent: Saturday, May 14, 2011 2:06 AM
> To: "Kyle Simpson" <getify@gmail.com>
> Cc: <public-web-perf@w3.org>
> Subject: Re: [Page Visibility] Spec -- privacy concern
>
>  On Fri, May 13, 2011 at 16:50, Kyle Simpson <getify@gmail.com> wrote:
>>
>>> One major privacy concern I (and others I chatted with on Mozilla's
>>> #developers IRC) have is that third-party scripts (like ad providers,
>>> etc)
>>> would be able to monitor this type of data (page visibility) and gain
>>> valuable (to them!) information which a user might not want them to have,
>>> such as how long I stay viewing a page, etc.
>>>
>>
>> Doesn't this privacy concern also apply to other existing mechanisms,
>> such as window.onblur/onfocus/onpageshow/onpagehide? It's not clear to
>> me that the visibility API introduces additional privacy-violating
>> capabilities on top of those.
>>
>>
>

Received on Saturday, 14 May 2011 00:59:42 UTC