- From: Alexander Kyereboah via GitHub <noreply@w3.org>
- Date: Thu, 28 Aug 2025 17:24:14 +0000
- To: public-css-archive@w3.org
Did a reassessment of the privacy risks with privacy folks in Chromium. They posited that AccentColor/AccentColorText provides a significant fingerprinting vector beyond that of other system colors, quote: > the accent color can have quite some identifying information (e.g. when it is derived from the wallpaper, or based on users' selection). We've previously required the accent color to not be exposed to scripts (https://chromestatus.com/feature/6548224737017856?gate=6390813732634624), and I would treat current exposures as bugs that should be fixed. So we should not regress on that. That being said, scoping this exposure to installed websites was approved as a sufficient mitigation, and I think we can close this issue as such. To the point of `accent-color: auto` and `AccentColor/AccentColorText` having different levels of availability, since `AccentColor/AccentColorText` has been more restricted, I think it makes sense to scope down `accent-color: auto` system color availability to installed websites only as well for consistency. -- GitHub Notification of comment by kyerebo Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/10372#issuecomment-3234331469 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 28 August 2025 17:24:15 UTC