W3C home > Mailing lists > Public > public-pointer-events@w3.org > April to June 2017

Re: [pointerevents] Add security/privacy considerations

From: Tom Ritter via GitHub <sysbot+gh@w3.org>
Date: Thu, 06 Apr 2017 19:04:18 +0000
To: public-pointer-events@w3.org
Message-ID: <issue_comment.created-292279637-1491505456-sysbot+gh@w3.org>
This draft does have privacy considerations. It exposes pointerType, which reveals whether the user is using a mouse, pen, or touch input. It also exposes detailed information about the geometry of the input (size of the thing pointing, pressure, tilt, twist). All of these are more detailed information than websites currently receiving, meaning that this can be used as a mechanism for fingerprinting (and tracking) users.

As mentioned in https://www.w3.org/2001/tag/doc/unsanctioned-tracking/

> [the TAG b]elieves that, because combatting fingerprinting is difficult, new Web specifications should take reasonable measures to avoid adding unneeded fingerprinting surface area. However, added surface area should not be a primary factor in determining whether to add a new feature.
> Asserts that when a new feature does add fingerprinting surface area, it should be documented as such.

Therefore I strongly believe that these concerns should be documented in the spec.



-- 
GitHub Notification of comment by tomrittervg
Please view or discuss this issue at https://github.com/w3c/pointerevents/pull/193#issuecomment-292279637 using your GitHub account
Received on Thursday, 6 April 2017 19:04:25 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 6 April 2017 19:04:25 UTC