- From: pes <notifications@github.com>
- Date: Mon, 28 Oct 2019 15:49:57 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-handler/issues/351/547179548@github.com>
Howdy @ianbjacobs! > Today users are often redirected to payment services, which also seem to be top-level contexts. Our thinking is that this is analogous to that, except a better user experience through a modal window. Does your comment about 3p context also apply to those sorts of redirects? It depends on the details of those redirection flows, how deeply nested they are, etc. Safari, for example, prevents some sites that are part of redirection flows from keeping state (ITP2.x) (those that it thinks are tracking). Brave and Safari both strip query params from some URLs to prevent sites from pushing information between 1p contexts. So, its all depends, but the overall point is that if payment.com is opened up from example1.com, and also opened from example2.com, payment shouldn't be able to link those two events from that activity alone. > Payment services know to whom I am making a payment. When you refer to tracking users, do you have in mind tracking beyond that knowledge of who is the beneficiary? Not all visits to the checkout / payment page result in entering information (some users decide not to purchase). And some visitors may want to maintain different identities with the same payment provider, so (for a variety of reasons) may choose to present one identity payment.com when buying boring things, and might present another identity to payment.com when buying sensitive things. (e.g., paying for insurance and paying for a cancer screening). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-handler/issues/351#issuecomment-547179548
Received on Monday, 28 October 2019 22:49:59 UTC