- From: sysrqb via GitHub <sysbot+gh@w3.org>
- Date: Thu, 21 Jan 2021 03:35:23 +0000
- To: public-css-archive@w3.org
I'm providing a privacy review of this draft. The information leakage in the forced-color property is quite concerning. As the feature is specified, the privacy and security risk is not only fingerprinting, but it is potentially revealing information about a user's health/physical condition. I understand the significant benefits in providing a mechanism for adjusting sites to meet the needs of the user, however it seems the current design allows a web page to abuse this information, too. I recommend considering options (2) or (3). Alternatively, the "correctness" of the response from getComputedStyle seems like functionality that could be gated behind a permission prompt. Separately, regarding the color-scheme, I recommend limiting the addition of new schemes in the future. -- GitHub Notification of comment by sysrqb Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5710#issuecomment-764211053 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 21 January 2021 03:35:24 UTC