- From: CSS Meeting Bot via GitHub <noreply@w3.org>
- Date: Wed, 16 Jul 2025 16:34:27 +0000
- To: public-css-archive@w3.org
The CSS Working Group just discussed `[css-color] Mitigating fingerprinting for AccentColor/AccentColorText`. <details><summary>The full IRC log of that discussion</summary> <kbabbitt> kyerebo: I'm Alex, recently taken over implementation of accent-color in Chromium<br> <kbabbitt> ... summary of issue is: we resolved to add support for accent color keyword using actual system's accent color<br> <kbabbitt> ... have a blocking privacy concern regarding user's accent color<br> <kbabbitt> ... and what we currently have in spec is that we're leaving up to UA to mitigate privacy risks by returning fixed values<br> <kbabbitt> ... which don't reflect actual customization or choices made by user<br> <kbabbitt> ... in Chromium we're considering exposing accent color only in installed appliecations<br> <kbabbitt> ... discussion that fingerprinting surface was not significant enough to warrant complexity<br> <kbabbitt> ... some concern about using in form controls or native keywords<br> <kbabbitt> ... wanted to get some thoughts around whether language in spec is sufficient<br> <jarhar> q+<br> <kbabbitt> ... and whether fingerprinting surface is a real concern<br> <astearns> ack jarhar<br> <kbabbitt> jarhar: don't have anything to say about spec text. in terms of whetehr this is a real privacy issue, I'd be happy to ask that question again and bring in chrome security and privacy people<br> <kbabbitt> ... not an expert but that seemed like a concern to me<br> <kbabbitt> ... if you have evidence that it's not a big issue pleas let me know I'd be happy to help<br> <kbabbitt> astearns: other comments or questions?<br> <kbabbitt> alisonmaher: how these compare to other system colors - on Windows, accent color can be customized<br> <kbabbitt> ... which increases fingerprinting risk<br> <kbabbitt> ... but other system colors are also customizable<br> <kbabbitt> ... raises question, do users customize this more than other system colors?<br> <lea> q+<br> <kbabbitt> ... but at least on windows, all system colors are customizable<br> <astearns> ack lea<br> <kbabbitt> lea: on OSX, the highlight color is customizable but accent color isn't<br> <kbabbitt> ... it seems we currently do expose highlight color<br> <kbabbitt> ... so that's introducing more entropy<br> <kbabbitt> ... since it can be customized, so it doesn't seem any worse than what we have right now<br> <kbabbitt> ... once we impolement the resolution that accent color resolves to value of accent-color property, this becomes less of an issue<br> <kbabbitt> ... because most pages will set accent-color anyway<br> <kbabbitt> astearns: whether or not authors set the accent-color, doesn't really affect the fingerprinting risk<br> <kbabbitt> ... because someone who is interested in getting more fingerprint surface won't set accent-color<br> <kbabbitt> lea: I was thinking that you would need control over whole page for that kind of fingerprinting<br> <kbabbitt> astearns: maybe we need more info from privacy folks<br> <kbabbitt> alisonmaher: does the current spec text suffice? leaves it up to UA to mitigate these risks<br> <kbabbitt> ... or do we need more specific text here for accent color and accent color text in general?<br> <lea> (and also once it reflects the value of `accent-color` in theory extensions or user CSS can override and the page wouldn't know)<br> <kbabbitt> astearns: don't know but it seems an interoperable implementation would be better<br> <kbabbitt> alisonmaher: definitely want interoperable, maybe we need spec text for that<br> <astearns> s/interoperable implementation/interoperable mitigation/<br> <kyerebo> q+<br> <astearns> ack kyerebo<br> <kbabbitt> jarhar: I guess we can follow up with some more security and privacy discussions outside WG<br> <kbabbitt> kyerebo: alisonmaher and I put this on agenda, jarhar is the resolution here to have further talks on security and privacy to see if fingerprinting is significant<br> <kbabbitt> ... and get text for interoperable resolution?<br> <kbabbitt> jarhar: sure<br> <kbabbitt> ... if things are already exposed as mentioned earlier, that can be used to reexamine how bad fingerprinting is<br> <kbabbitt> ... I think that makes sense<br> <kbabbitt> astearns: I think that makes sense as well<br> <kbabbitt> ... get expert opinions, and based on those, are there changes to spec to say you can return real color<br> <kbabbitt> ... or here's what you need to do to hide real color, interoperable either way<br> <kbabbitt> ... who can take this to privacy people?<br> <kbabbitt> alisonmaher: kyerebo and I can figure that out<br> <kbabbitt> astearns: anything more?<br> </details> -- GitHub Notification of comment by css-meeting-bot Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/10372#issuecomment-3079394767 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 16 July 2025 16:34:28 UTC