- From: Alexis Menard via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Mar 2024 16:10:02 +0000
- To: public-css-archive@w3.org
> Privacy section in the [explainer](https://github.com/WICG/visual-viewport/blob/gh-pages/segments-explainer/SEGMENTS-EXPLAINER.md) indicates that segments will return null when called from within an iframe and explains how this prevents using the API as a fingerprinting vector from cross origin iframes. > > A concern I have is accessing the segments through [CSS media queries](https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_media_queries/Using_media_queries#targeting_media_features). Having CSS API in iframes might enable this type of fingerprinting. Is disabling CSS media queries for the segments feasible? Do we have precedence in doing that? I couldn't find anything in CSS specifications where certain CSS features are restricted to iframes, especially in the MQ/CSS env context but the domain is vast so I could have been missing something. But again, the real question is whether the fingerprinting is really that big of an issue if segments are just subdivisions of the total viewport size. Foldables already have exotic viewport size when unfolded so they can be identified already but as more devices are in the market, targeting a specific device is becoming harder as they share panel dimensions so segments definition as well. Yes, it does add a bit of entropy but nothing that couldn't be derived from the viewport size today (or even combining with other APIs) -- GitHub Notification of comment by darktears Please view or discuss this issue at https://github.com/w3c/csswg-drafts/pull/9285#issuecomment-2023160725 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 27 March 2024 16:10:03 UTC