Re: [w3c/payment-handler] CanMakePaymentEvent handling algorithm unclear (#330)

A visual indicator would be useful for other reasons, but I doubt that it'll be effective in communicating the nuance: "the current website is querying hasEnrolledInstrument() on payment handler X and can use this as a way to detect that you're in private browsing mode". It also doesn't actually stop the detection.

It seems we're stuck between two privacy requirements:
1) In private browsing mode, don't signal the payment handler about the user's current presence on a website.
2) The absence of the signal actually allows a website to detect that the user's in private browsing mode.

The same-origin short-circuit you suggested may cut off most of the abuse. But I don't have a good mental model of how a website can abuse the knowledge that the user is in private browsing mode, so not sure if that is sufficient. It'll be good to get our privacy team's take on it.

-- 
https://github.com/w3c/payment-handler/issues/330#issuecomment-456985674

Received on Wednesday, 23 January 2019 22:08:49 UTC