- From: Simon Fraser via GitHub <sysbot+gh@w3.org>
- Date: Sat, 28 Oct 2023 18:41:19 +0000
- To: public-css-archive@w3.org
I have a few thoughts, mainly about potential for user fingerprinting based on how they generally use a foldable/multi-screen device. First, on a device that's foldable but with no hinge gap (i.e. continuous foldable screen), does the number of segments change when the screen goes between some folded state and unfolded flat? At what fold angle does this occur? If so, this might be used to identify users based on their habits of using the device fully unfolded or partially folded. This may also be used to estimate whether the user is paying full attention to the screen (fully unfolded) or is using it in a more glanceable fashion (partially folded), which may provide a signal to malicious content about when it can put things on the screen. Combined with device orientation data, this could be used to obscure activity on the less visible screen segment. Second, there are potentially two additional means by which screen segment data could leak per-user fingerprintable data. If an OS allows the user to position a window freely in a way that spans screens, the segments API is way to leak the window position (the segment geometry would change based on window position). This is akin to desktop browsers exposing `window.screenX`/`screenY` which can be very user-specific. In addition, even with non-draggable windows but modifiable browser UI including toolbars, the segments would leak information about the UI/toolbar geometry. -- GitHub Notification of comment by smfr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/pull/9285#issuecomment-1783894576 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 28 October 2023 18:41:21 UTC