- From: Christine Runnegar <runnegar@isoc.org>
- Date: Fri, 9 Oct 2020 21:24:51 +0000
- To: fantasai <fantasai.lists@inkedblade.net>
- CC: "public-privacy@w3.org" <public-privacy@w3.org>, "www-style@w3.org" <www-style@w3.org>
Thanks for sending in this request. We’ve assigned the review and will be discussing the spec at our next PING meeting on 15 October 2020. Christine > On Oct 6, 2020, at 10:48 PM, fantasai <fantasai.lists@inkedblade.net> wrote: > > The CSSWG requests formal review of the CSS Text Module Level 3: > https://www.w3.org/TR/css-text-3/ > > The Privacy and Security Considerations section is here: > https://www.w3.org/TR/css-text-3/#priv-sec > > Please raise any issues in the csswg GitHub repo: > https://github.com/w3c/csswg-drafts/issues > and let us know when you have completed your review. > > > = Self-Review Questionnaire: Security and Privacy = > > 2.1 What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary? > > In order to support correct typography, this specification relies on language-specific hyphenation dictionaries and line-breaking dictionaries. As these can vary across browser and browser version, they contribute to fingerprinting. They are nonetheless necessary to display various languages correctly. > > 2.2 Is this specification exposing the minimum amount of information necessary to power the feature? > > Yes > > 2.3 How does this specification deal with personal information or personally-identifiable information or information derived thereof? > > Not applicable > > 2.4 How does this specification deal with sensitive information? > > Not applicable > > 2.5 Does this specification introduce new state for an origin that persists across browsing sessions? > > No > > 2.6 What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin? > > Same asnwer as 2.1. > > 2.7 Does this specification allow an origin access to sensors on a user’s device > > No > > 2.8 What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts. > > None > > 2.9 Does this specification enable new script execution/loading mechanisms? > > No > > 2.10 Does this specification allow an origin to access other devices? > > No > > 2.11 Does this specification allow an origin some measure of control over a user agent’s native UI? > > No > > 2.12 What temporary identifiers might this this specification create or expose to the web? > > None > > 2.13 How does this specification distinguish between behavior in first-party and third-party contexts? > > Not applicable > > 2.14 How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode? > > No difference > > 2.15 Does this specification have a "Security Considerations" and "Privacy Considerations" section? > > Yes https://drafts.csswg.org/css-text-3/#priv-sec > > 2.16 Does this specification allow downgrading default security characteristics? > > No > > 2.17 What should this questionnaire have asked? > > Nothing springs to mind. > > Thanks~ > ~fantasai >
Received on Friday, 9 October 2020 21:25:08 UTC