W3C home > Mailing lists > Public > public-css-archive@w3.org > April 2019

[csswg-drafts] [css-color-4] Prevent fingerprinting with deprecated system colors (#3873)

From: Amelia Bellamy-Royds via GitHub <sysbot+gh@w3.org>
Date: Wed, 24 Apr 2019 17:07:11 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-436809997-1556125629-sysbot+gh@w3.org>
AmeliaBR has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-color-4] Prevent fingerprinting with deprecated system colors ==
In #3804, we agreed to un-deprecate system colors that have important use cases for accessibility (high contrast mode) and dark mode theming.

I'd like to suggest that the spec get more strict about what "deprecated" means for the remaining colors.  Specifically, **user agents should not expose any user-specific data through the deprecated color names**; they should standardize the values for these colors so that they can't be used as fingerprinting data. The colors could still be adjusted for browser & OS, with light & dark mode variants, since that doesn't expose any new information relative to what's already exposed by user agent strings and media queries.

Of the colors that we are keeping deprecated, the problematic one that I know of is `Background`.  In [the spec](https://drafts.csswg.org/css-color-3/#css-system), this is the "desktop background".  On my windows system, both Firefox and EdgeHTML do expose my custom OS desktop background color. Chrome instead exposes my custom OS theme accent color. Which are sufficiently different that I can't see any user benefit from theming to match my colors, but I can see a significant fingerprinting vector.

PS, [Codepen with all the system colors & their definitions, on various colored backgrounds](https://codepen.io/AmeliaBR/full/JbaZLX), if you want to poke around to see what is being exposed for you

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/3873 using your GitHub account
Received on Wednesday, 24 April 2019 17:07:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 19 October 2021 01:31:07 UTC