Re: [webpayments] Registration: Should we support payee knowing user has payee-controlled payment app? (#112) from Jeff Burdges on 2016-03-09 (public-payments-wg@w3.org from March 2016)

From: Jeff Burdges <notifications@github.com>
Date: Wed, 09 Mar 2016 13:21:25 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/112/194511389@github.com>

@halindrome  It now sounds like your talking about stuff that happens after the user has completed their shopping and selected the payment app, so not sure I grok the connection to your earlier comment.

To answer @ianbjacobs question "how can the payee learn in a privacy-protecting way that the payer has installed the app?"

They cannot, except through initiating a changeof  context to the payment app itself, like when making a payment, or obeying the same origin policy.  If we silently leak even 1 bit per payment app, then installing any payment apps creates a risk to the user.  See : [panopticlick.eff.org](https://panopticlick.eff.org/)  Just fyi, we switch to the Taler extension context during both the purchase and withdrawal operations. 

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/112#issuecomment-194511389

Received on Wednesday, 9 March 2016 21:21:56 UTC