[device-posture] Clarify that `null` is never exposed to the page (#152) from pes10k via GitHub on 2024-07-18 (public-device-apis-log@w3.org from July 2024)

From: pes10k via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Jul 2024 17:06:26 +0000
To: public-device-apis-log@w3.org
Message-ID: <issues.opened-2416948086-1721322384-sysbot+gh@w3.org>

pes10k has just created a new issue for https://github.com/w3c/device-posture:

== Clarify that `null` is never exposed to the page ==
This issue is being filed as part of the PING review requested here https://github.com/w3cping/privacy-request/issues/136

The current text notes that there is a `null` slot on the document interface. However, the security and privacy considerations section notes that the only possible values are "continuous" and "folded", and that user agents should return the former by default. This seems (at least on first read) as contradictory and at least potentially confusing 

From the discussion on the PING call, my understanding is that there are no cases where the browser should return `null` to the page from this API (with the possible exception of WebDriver cases, though I dont understand why this is needed either; why not also return "continuous" in this case).  Limiting the API to only two values is ideal from a privacy perspective to limit fingerprinting surface here. 

Please view or discuss this issue at https://github.com/w3c/device-posture/issues/152 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 18 July 2024 17:06:27 UTC