Requesting Privacy IG review of UI Events KeybOardEvent specs from Léonie Watson on 2017-03-09 (public-privacy@w3.org from January to March 2017)

From: Léonie Watson <tink@tink.uk>
Date: Thu, 9 Mar 2017 16:58:49 +0000
To: public-privacy@w3.org
Cc: Travis Leithead <travis.leithead@microsoft.com>, Gary Kačmarčík (Кошмарчик) <garykac@google.com>, "Xiaoqian(Cindy) Wu" <xiaoqian@w3.org>
Message-ID: <d84a0409-9d7a-3265-e8b7-6c2115fd8036@tink.uk>

Hello Privacy IG,

The WebPlat WG would welcome your review of these two specs:

1. UI Events KeyboardEvents Code Values:
https://w3c.github.io/uievents-code/

2. UI Events KeyboardEvents Key Values:
https://w3c.github.io/uievents-key/

The editors (copied) have completed the security/privacy questionnaire 
(answers below my name).

We're just preparing to move into CR. With apologies for the short 
notice, we'd really appreciate your comments before 10th April if possible.

Comments are preferred on Github, but if you could ping me an email to 
let me know when you're done it'll help me keep the paperwork straight.

1. UI Events KeyboardEvents Code Values:
https://github.com/w3c/uievents-code/

2. UI Events KeyboardEvents Key Values:
https://github.com/w3c/uievents-key/

Thanks
Léonie

[1]
https://www.w3.org/TR/security-privacy-questionnaire/
Note: These answers apply to both UIEvents-key and UIEvents-code (not 
covered: the main UIEvents spec).
These 2 specs are effectively a list of acceptable values for the 
KeyboardEvent |key| and |code| attributes, respectively.

The |code| spec has an explicit list of values that must be used
The |key| spec has a explicit list of value, but it also allows a large 
set of Unicode strings as valid values.
Because these specs define a set of values that should be returned by 
the user agent, there no API surface that can be used for an attack.
(1) PII? No
(2) High value data? No
(3) New state that persists across browsing sessions? No
(4) Persistent, cross-origin state? No
(5) Newly expose data to an origin? No
(6) New script exe/loading? No
(7) Access location? No
(8) Access sensors? No
(9) Access local computing environment? No. Although if you scan all 
keyboard events, you might be able to determine that the user is using a 
keyboard
from a particular locale. But this can be done with the legacy key code 
values as well.
(10) Access other devices? No
(11) Control over UA's UI? No
(12) Expose temp IDs? No
(13) 1st party vs. 3rd party contexts? No
(14) What about "incognito"? No changes
(15) Local data persist? No
(16) "Security Considerations" and "Privacy Considerations"? No, because 
these spec are basically tables of values. Security/Privacy 
Considerations are
covered in the main UIEvents spec.
(17) Downgrade default security? N

-- 
@LeonieWatson tink.uk Carpe diem

Received on Thursday, 9 March 2017 16:59:45 UTC