- From: Matthew Finkel via GitHub <sysbot+gh@w3.org>
- Date: Thu, 17 Jun 2021 13:15:28 +0000
- To: public-css-archive@w3.org
> This is a summary of the state of the CSSWG discussion: > > The CSS system colors, in forced colors mode, are required to match the user-required colors so that the page can style itself in that color scheme. They also are required to change based on color-scheme, so that the default text and background colors match the user preference. > > The used values of these colors are exposed via getComputedStyle(), which creates a privacy leak. > > Note that the following information is already provided explicitly via Media Queries: > > * Whether forced colors mode is on > > * What color scheme the reader prefers > > > Thus the additional privacy leak presented by getComputedStyle() is not of a new type of information, but rather merely a greater amount of information for users that are already segmentable via MQs. > Yes, I agree, but we're looking for solutions that limit harm (not necessarily eliminate it). However, I do agree with you now that lying is not a good solution and my original concern was misplaced. Thank you for your detailed response, it was very helpful. Specifically, just so my thoughts on this are clear: as mentioned above, in the three proposed options the state of `forced-colors` would not be modified, therefore the privacy leak is inherent in this accessibility feature and it has nothing to do with the resulting styling (via gCS). The modified styling when `forced-colors` is enabled is likely UA/OS specific, but that information is already available to JS from other sources. In the future I would like to see a privacy-preserving MQ mechanism that doesn't leak so much information about the UA/OS, but I know that this draft should not be a critique on MQ in general, so we can move on from this. > The current conclusion of the CSSWG is thus that we believe that the risk of breaking pages (either via JS errors or by unreadable colors) for users employing forced colors is greater than the harm from increased fingerprinting entropy for those users. I agree this is a reasonable assessment. -- GitHub Notification of comment by sysrqb Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5710#issuecomment-863229669 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 17 June 2021 13:15:43 UTC