W3C home > Mailing lists > Public > public-css-archive@w3.org > April 2017

[csswg-drafts] [css-conditional] Add fingerprinting note to Security & Privacy considerations

From: Tantek Çelik via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Apr 2017 01:38:16 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-222591666-1492565895-sysbot+gh@w3.org>
tantek has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-conditional] Add fingerprinting note to Security & Privacy considerations ==
https://drafts.csswg.org/css-conditional-3/#priv-sec could be improved with a small note about the potential for (ab)using @supports (and CSSSupportsRule) for explicitly fingerprinting the user's UA's capabilities, which has privacy implications. Maybe something like:

===

Features in this draft, in particular @supports and @media with various conditions (and DOM interface equivalents), may be used to significantly fingerprint the user's UA and device capabilities, dimensions, viewing environment etc., both statically, and usage over time (e.g. logging the 'orientation' media query via the DOM) and thus potentially impacting privacy expectations.

===

and then also:

s/No other feature in this spec has any privacy considerations.// 

since that's misleading at best.

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1243 using your GitHub account
Received on Wednesday, 19 April 2017 01:38:23 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:41:11 UTC