[csswg-drafts] [css-conditional] Add fingerprinting note to Security & Privacy considerations

tantek has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-conditional] Add fingerprinting note to Security & Privacy considerations ==
https://drafts.csswg.org/css-conditional-3/#priv-sec could be improved with a small note about the potential for (ab)using @supports (and CSSSupportsRule) for explicitly fingerprinting the user's UA's capabilities, which has privacy implications. Maybe something like:


Features in this draft, in particular @supports and @media with various conditions (and DOM interface equivalents), may be used to significantly fingerprint the user's UA and device capabilities, dimensions, viewing environment etc., both statically, and usage over time (e.g. logging the 'orientation' media query via the DOM) and thus potentially impacting privacy expectations.


and then also:

s/No other feature in this spec has any privacy considerations.// 

since that's misleading at best.

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1243 using your GitHub account

Received on Wednesday, 19 April 2017 01:38:23 UTC