- From: Carlos Lopez via GitHub <noreply@w3.org>
- Date: Wed, 03 Dec 2025 19:01:11 +0000
- To: public-css-archive@w3.org
> Another idea: This started to be considered a significant fingerprinting vector when we realized that some OSes allow freeform color selection, right? What if instead of tainting per se, we reduced the **granularity** of the returned values? E.g. we could define "buckets" of hue, chroma, lightness based on how many bits of entropy would be acceptable and return those values, which would ensure that any calculations are at least done based on a somewhat similar color. The exact granularity of the buckets could even be UA-dependent. I mentioned this before in May 2024 > I mentioned this somewhere before, but limiting to a hue with limited variations is probably enough. Take the 360ยบ hue and segmenting them maybe 15 or 20 is probably enough to replicate a user's preferred primary device palette/hue. To be honest, the chroma and lightness are mostly irrelevant to accent color all things considered. We already split with light/dark. Authors shouldn't blindingly trust any color will satisfy WCAG contrast requirements (3:1 for AA and 7:1 for AAA). For example somebody might really like light pink or crimson red. If there's accent color then IIRC there's also accent backcolor but. I think a fixed chroma and lightness is sufficient and balanced with light/dark. HSV/HSL (BT709/SRGB) is probably sufficient for converting to custom color spaces. I don't think it's worse supporting OS's allowing BT2020 accent colors (if that even exists). TL;DR: Hue variable. Saturation fixed. Lightness based on light/dark. Hue variability can be based on another aspect (eg: PWA/First time). I've also seen Firefox randomize screen metrics and perhaps that concept can apply to the hue as well. Not perceptible enough to matter, but enough to weaken fingerprinting. -- GitHub Notification of comment by clshortfuse Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/10372#issuecomment-3608354741 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 3 December 2025 19:01:12 UTC