Re: Privacy Review Request for CSS Text Level 3 [css-text-3]

I believe there is still an open issue from PINGs review here:

https://github.com/w3c/csswg-drafts/issues/5630

The reviewer (Konrad, on public-privacy) is in a better position to say whether the issue has been dealt with, but it looks like the issue is still open.

Best,
Pete

> On Dec 9, 2020, at 5:04 PM, fantasai <fantasai.lists@inkedblade.net> wrote:
> 
> Hello!
> We're at zero open issues right now and would like to issue a transition request for CR, can you clarify if that would be a problem or if you are wanting something else from our group? :)
> 
> ~fantasai
> 
> On 10/9/20 2:24 PM, Christine Runnegar wrote:
>> Thanks for sending in this request. We’ve assigned the review and will be discussing the spec at our next PING meeting on 15 October 2020.
>> Christine
>>> On Oct 6, 2020, at 10:48 PM, fantasai <fantasai.lists@inkedblade.net> wrote:
>>> 
>>> The CSSWG requests formal review of the CSS Text Module Level 3:
>>>  https://www.w3.org/TR/css-text-3/
>>> 
>>> The Privacy and Security Considerations section is here:
>>>  https://www.w3.org/TR/css-text-3/#priv-sec
>>> 
>>> Please raise any issues in the csswg GitHub repo:
>>>   https://github.com/w3c/csswg-drafts/issues
>>> and let us know when you have completed your review.
>>> 
>>> 
>>> = Self-Review Questionnaire: Security and Privacy =
>>> 
>>> 2.1 What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
>>> 
>>> In order to support correct typography, this specification relies on language-specific hyphenation dictionaries and line-breaking dictionaries. As these can vary across browser and browser version, they contribute to fingerprinting. They are nonetheless necessary to display various languages correctly.
>>> 
>>> 2.2 Is this specification exposing the minimum amount of information necessary to power the feature?
>>> 
>>> Yes
>>> 
>>> 2.3 How does this specification deal with personal information or personally-identifiable information or information derived thereof?
>>> 
>>> Not applicable
>>> 
>>> 2.4 How does this specification deal with sensitive information?
>>> 
>>> Not applicable
>>> 
>>> 2.5 Does this specification introduce new state for an origin that persists across browsing sessions?
>>> 
>>> No
>>> 
>>> 2.6 What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin?
>>> 
>>> Same asnwer as 2.1.
>>> 
>>> 2.7 Does this specification allow an origin access to sensors on a user’s device
>>> 
>>> No
>>> 
>>> 2.8 What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.
>>> 
>>> None
>>> 
>>> 2.9 Does this specification enable new script execution/loading mechanisms?
>>> 
>>> No
>>> 
>>> 2.10 Does this specification allow an origin to access other devices?
>>> 
>>> No
>>> 
>>> 2.11 Does this specification allow an origin some measure of control over a user agent’s native UI?
>>> 
>>> No
>>> 
>>> 2.12 What temporary identifiers might this this specification create or expose to the web?
>>> 
>>> None
>>> 
>>> 2.13 How does this specification distinguish between behavior in first-party and third-party contexts?
>>> 
>>> Not applicable
>>> 
>>> 2.14 How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?
>>> 
>>> No difference
>>> 
>>> 2.15 Does this specification have a "Security Considerations" and "Privacy Considerations" section?
>>> 
>>> Yes https://drafts.csswg.org/css-text-3/#priv-sec
>>> 
>>> 2.16 Does this specification allow downgrading default security characteristics?
>>> 
>>> No
>>> 
>>> 2.17 What should this questionnaire have asked?
>>> 
>>> Nothing springs to mind.
>>> 
>>> Thanks~
>>> ~fantasai
>>> 
> 

Received on Thursday, 10 December 2020 01:08:22 UTC