Re: [w3c/payment-method-basic-card] add: User changes payment method section (#53)

mnoorenberghe commented on this pull request.



> +          The <dfn>steps for when a user changes payment method</dfn> are as
+          follows:
+        </p>
+        <ol>
+          <li>From the <a>supported cards</a> presented to the end-user, let
+          <var>card</var> be the <a>card</a> the user selected.
+          </li>
+          <li>Let <var>methodDetails</var> be a newly created
+          <a>BasicCardChangeDetails</a> dictionary.
+          </li>
+          <li>Set <var>methodDetails</var>["<a>type</a>"] to the
+          <a>BasicCardType</a> that represents <var>card</var>'s <a>type</a>.
+          </li>
+          <li>If the <var>card</var> is part of a <a>network</a>, set
+          <var>methodDetails</var>["<a>network</a>"] to the network identifier
+          that represents <var>card</var>'s <a>network</a>
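Review bot: the quoted steps say nothing about what triggers them or what happens to `methodDetails` afterwards. Step 1 starts from "the card the user selected", but no precondition states that the steps run only on an explicit user selection rather than on the UA's default selection when the request is shown, and there is no closing step saying what is done with `methodDetails` once the type and network are set. Suggest adding an explicit precondition ("run only when the user explicitly selects a card") and a final step that returns `methodDetails`. Also, step 3 links `<a>type</a>` twice for two different things (the BasicCardChangeDetails member and the card's type); give them distinct link targets so both do not resolve to the same dfn.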

After dealing with the privacy issues related to `shippingaddresschange`, I'm no longer sure that this event is a good idea because of the same impact on the UA selecting a payment method by default. If the merchant wants to do anything meaningful with this data (e.g. to change the total and replace the need for modifiers) then the UA would have to dispatch this event as soon as the PaymentRequest opens and that would leak the user's default-selected type and network to the merchant. It sounds like Apple didn't send the network with their `applepaypaymentmethodchanged` event either so I'm not sure the network is needed. The two PRs also seem to forget about @rsolomakhin's request for the event to be optional for basic-card.

Because of the increased fingerprinting potential (type + network) from a user-interaction showing a PR without the user completing it, I no longer like the idea of the event, especially if the network is leaked (since it provides more entropy). Modifiers don't have these privacy issues and while they don't address the store card case, that's not something that we're focused on at Mozilla at the moment and it doesn't apply to regular debit/credit basic cards.

/cc @stpeter 

https://github.com/w3c/payment-method-basic-card/pull/53#pullrequestreview-118829559

Received on Wednesday, 9 May 2018 17:24:54 UTC