W3C home > Mailing lists > Public > public-css-archive@w3.org > November 2020

[csswg-drafts] [css-color-4][css-color-adjust-1] Shielding system colors to avoid fingerprinting (#5710)

From: fantasai via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Nov 2020 23:32:10 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-739445837-1604964728-sysbot+gh@w3.org>
fantasai has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-color-4][css-color-adjust-1] Shielding system colors to avoid fingerprinting ==
The main privacy-related leak from css-color-4/css-color-adjust-1 is the way that the used value of the system colors are exposed. One way to mitigate this would be to define that the system colors always return a fixed set of values via CSSOM APIs, and that forcing colors does not affect getComptuedStyle(). That way the real used color is not Web-exposed. Do we want to do that?

The upside is that we shield the system colors from the Web: all browsers return the same values via getComputedStyle() all the time. The downside is that if the author wanted to do any interesting calculations to choose additional colors based on the user's preferred color palette, they can no longer do that. (And also it's probably a bit more complicated to implement.)

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5710 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 9 November 2020 23:32:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:22 UTC