- From: Alison Maher via GitHub <noreply@w3.org>
- Date: Wed, 17 Sep 2025 20:43:30 +0000
- To: public-css-archive@w3.org
### Privacy and Security self-review questionnaire for Color Adjust CRS Updates

> What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?

Based solely on the updates for this review in https://drafts.csswg.org/css-color-adjust-1/#changes, other parties could tell that a user was in forced colors mode given that the emoji will fall back to its monochrome variant in forced colors mode if available. However, this is not new and can already be easily queried using the `forced-colors` media feature.

> Do features in your specification expose the minimum amount of information necessary to enable their intended uses?

Yes.

> How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?

N/A - none of the updates in https://drafts.csswg.org/css-color-adjust-1/#changes deal with personal information.

> How do the features in your specification deal with sensitive information?

As above.

> Do the features in your specification introduce new state for an origin that persists across browsing sessions?

No.

> Do the features in your specification expose information about the underlying platform to origins?

Yes, the forced colors mode state (which is already in CR) among other user preferences, like preferred color scheme. However, as noted above, there is no new exposure introduced via the latest changes in https://drafts.csswg.org/css-color-adjust-1/#changes.

> Does this specification allow an origin to send data to the underlying platform?

No.

> Do features in this specification enable access to device sensors?

No.

> Do features in this specification enable new script execution/loading mechanisms?

No.

> Do features in this specification allow an origin to access other devices?

No.

> Do features in this specification allow an origin some measure of control over a user agent’s native UI?

Yes, in forced colors mode in particular, this will update the coloring used for all experiences per the user's preferred color palette for accessibility purposes. Out of the changes in https://drafts.csswg.org/css-color-adjust-1/#changes, the change to emoji rendering in forced colors mode is the only new change that may fall into this category.

> What temporary identifiers do the features in this specification create or expose to the web?

N/A

> How does this specification distinguish between behavior in first-party and third-party contexts?

N/A

> How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?

The same as any other mode.

> Does this specification have both "Security Considerations" and "Privacy Considerations" sections?

Yes:
https://drafts.csswg.org/css-color-adjust-1/#privacy
https://drafts.csswg.org/css-color-adjust-1/#security

> Do features in your specification enable origins to downgrade default security protections?

No.

> How does your feature handle non-"fully active" documents?

N/A

--
GitHub Notification of comment by alisonmaher
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12815#issuecomment-3304507485 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 17 September 2025 20:43:31 UTC