Re: [pointerevents] Add security/privacy considerations

This draft does have privacy considerations. It exposes pointerType, which reveals whether the user is using a mouse, pen, or touch input. It also exposes detailed information about the geometry of the input (size of the thing pointing, pressure, tilt, twist). All of these are more detailed information than websites currently receiving, meaning that this can be used as a mechanism for fingerprinting (and tracking) users.

As mentioned in

> [the TAG b]elieves that, because combatting fingerprinting is difficult, new Web specifications should take reasonable measures to avoid adding unneeded fingerprinting surface area. However, added surface area should not be a primary factor in determining whether to add a new feature.
> Asserts that when a new feature does add fingerprinting surface area, it should be documented as such.

Therefore I strongly believe that these concerns should be documented in the spec.

GitHub Notification of comment by tomrittervg
Please view or discuss this issue at using your GitHub account

Received on Thursday, 6 April 2017 19:04:25 UTC