- From: Carine Bournez <carine@w3.org>
- Date: Thu, 3 Jun 2021 10:32:03 +0000
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-privacy@w3.org
On Thu, Jun 03, 2021 at 11:25:15AM +0200, Rigo Wenning wrote: > Carine, > > just skimming through it and knowing that the specification is not > addressing that use case particularly, let me note that the time - > action relation, if linked to an ID, can be used for very precise user > tracking. > > Unfortunately, neither the past nor the present specification text > contain any text in respect to this. But maybe I'm missing something as > I just skimmed through the spec. Hi Rigo, If it's already linked to a user ID, tracking can of course happen. High resolution timing does not bring anything interesting to that "use case", it does not make it easier nor harder to track. The important aspect is to avoid possible third-party attacks through the timing APIs, that could leak information on user actions only. > > On Wed, 2021-06-02 at 14:44 +0000, caribouW3 via GitHub wrote: > > caribouW3 has just labeled an issue for > > https://github.com/w3cping/privacy-request as "REVIEW REQUESTED": > > > > == User Timing 2021-06-02 > 2021-06-23 == > > - name of spec to be reviewed: User Timing > > - URL of spec: https://w3c.github.io/user-timing/ > > > > - What and when is your next expected transition? > > https://github.com/w3c/transitions/issues/338#issuecomment-850636248 > > Wide review was already done for level 2. The WG wants to drop levels > > and merge level 3 in it. > > The Director is requesting a formal wide review with the most recent > > horizontal review process. > > > > - What has changed since any previous review? > > In level 3, addition of ability to execute marks and measures across > > arbitrary timestamps and > > support for reporting arbitrary metadata along with marks and > > measures. > > > > - Does your document have an in-line Privacy Considerations section, > > separate from Security Considerations? If not, corrrect that before > > proceeding further. > > https://w3c.github.io/user-timing/#privacy-security > > > > - Please point to the results of your own self-review (see > > https://w3ctag.github.io/security-questionnaire/ , > > https://w3c.github.io/fingerprinting-guidance/, > > https://tools.ietf.org/html/rfc6973) > > https://w3c.github.io/perf-security-privacy/ > > > > - Where and how to file issues arising? > > https://github.com/w3c/user-timing/issues/ > > > > - Pointer to any explainer for the spec? > > https://w3c.github.io/user-timing/#introduction > > > > Other comments: > > > > > > See https://github.com/w3cping/privacy-request/issues/43 > > > > > > -- Carine Bournez /// W3C Europe
Received on Thursday, 3 June 2021 10:32:17 UTC