W3C home > Mailing lists > Public > public-css-archive@w3.org > December 2020

Re: [csswg-drafts] [css-pseudo] Privacy considerations for external resources (#5731)

From: CSS Meeting Bot via GitHub <sysbot+gh@w3.org>
Date: Thu, 03 Dec 2020 00:37:16 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-737582464-1606955835-sysbot+gh@w3.org>
The CSS Working Group just discussed `[css-pseudo] Privacy considerations for external resources`.

<details><summary>The full IRC log of that discussion</summary>
&lt;dael> Topic: [css-pseudo] Privacy considerations for external resources<br>
&lt;dael> github: https://github.com/w3c/csswg-drafts/issues/5731<br>
&lt;dael> TabAtkins: rune realized that the spec for spelling-error grammar-error and related pseudo has privacy bits about not detecting spelling dictionary<br>
&lt;hober> q+<br>
&lt;dael> TabAtkins: As written spec allows you to load a bg image which would allow trigger os spelling errors. He proposes we disallow loading of external resources for styling on spelling and grammar errors<br>
&lt;dael> florian: Existing definition of external resources?<br>
&lt;Rossen_> q<br>
&lt;dael> TabAtkins: Probably not one we can link to<br>
&lt;dael> TabAtkins: I think it's reasonable to gloss over for now<br>
&lt;dael> florian: Thinking of things like data urls. If there's an existing definition we can work from it would be nice<br>
&lt;jyasskin> q+<br>
&lt;Rossen_> ack hober<br>
&lt;dael> hober: We already have visited. We do a lot of restrictions on what can do on visited including loading of external resources. Why not limit in same way?<br>
&lt;dael> TabAtkins: I believe visited excludes loading other backgrounds. Okay witht hat restriction even if more than we need.<br>
&lt;jyasskin> q+ to mention Spectre<br>
&lt;dael> hober: I think consistency is valuable. Even if it's a little more it simplifies model<br>
&lt;dael> fantasai: Isn't visited underdefined<br>
&lt;dael> TabAtkins: Some of details yes but what properties is well defined.<br>
&lt;dael> fantasai: I think a lot of your ideas were in a PR we couldn't merge<br>
&lt;dael> TabAtkins: That was about how we apply them, not what properties<br>
&lt;florian> q?<br>
&lt;Rossen_> ack jyasskin<br>
&lt;Zakim> jyasskin, you wanted to mention Spectre<br>
&lt;dholbert> q+<br>
&lt;dael> jyasskin: Wanted to ask how much worrying about Specter which can detect color changes. I've heard about particioning visited whoch wouldn't work for spelling<br>
&lt;fantasai> TabAtkins, https://drafts.csswg.org/selectors-4/#link doesn't seem to have any details<br>
&lt;dael> florian: Both are fingerprinting risk but data from visited is more valuble. If it's easy to be consistent that's interesting. but more important to hide visited<br>
&lt;dael> s/Specter/Spectre<br>
&lt;dholbert> https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector is relevant (to the extent that it's accurate, which I think it is?)<br>
&lt;dael> florian: I'm saying it's related. We're less worried about the attack then on visited<br>
&lt;dael> florian: I think this is privacy sensitive only b/c fingerprinting. visited is privacy not just fingerprinting but the actual data. Protecting the data itself is relevent on visited. I don't think it is here.<br>
&lt;Rossen_> ack dholbert<br>
&lt;fantasai> s/more valuble/itself valuable independently of fingerprinting/<br>
&lt;dael> dholbert: I think visited restrictions could be problematic here. afaict it just limits you to properties that control colors and wouldn't allow add/remove underline which is main thing you want with spelling/grammar. It limits you to a couple properties and doesn't say you can't use external<br>
&lt;Rossen_> q?<br>
&lt;TabAtkins> Yeah, you're right fantasai, we don't actually have the list in the spec, I was misremembering<br>
&lt;dael> Rossen_: What do we do with this<br>
&lt;dael> fantasai: I think we can't align with visited. Current definition is the UA can do stuff to hide the visited-ness of the link. There's no details.<br>
&lt;dael> fantasai: We can be more precise here and say not loading external resources<br>
&lt;dael> fantasai: I can draft up wording what you can do stuff to preserve privacy such as not loading external resources and then we can have a more complete definition in the future that's general and we link to it<br>
&lt;dael> florian: wfm<br>
&lt;dael> Rossen_: Other opinions?<br>
&lt;dael> Rossen_: Is there a 1 line resolution we need?<br>
&lt;dael> Rossen_: Or continue in thread<br>
&lt;dael> hober: Depends on the text<br>
&lt;dael> fantasai: I'll draft up text and we can come back<br>
</details>


-- 
GitHub Notification of comment by css-meeting-bot
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5731#issuecomment-737582464 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 3 December 2020 00:37:19 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:23 UTC