- From: Nick Doty <ndoty@cdt.org>
- Date: Tue, 17 Sep 2024 14:35:45 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Just a belated follow-up from a PING call discussion in July; I've sent this question on to the CSS WG mailing list. Cheers, Nick ---------- Forwarded message --------- From: Nick Doty <ndoty@cdt.org> Date: Tue, Sep 17, 2024 at 2:34 PM Subject: privacy of delegating-or-not CSS media queries to embedded frames To: <www-style@w3.org> Hello CSS friends, The Privacy Interest Group recently [0] discussed the Device Posture API, which raised some questions about the privacy impact of media queries and, more specifically, whether media query functionality should be delegated or qualified in some way to indicate whether a particular embedded frame (or embedded frames generally) should have access to the values of a particular media query. The particular use case where this came up was that a top-level site might want to know when or whether the device has been folded: this has some privacy impact in potentially letting multiple origins try to correlate whether visitors are actually the same user by correlating when a device environment changes on embedded frames in multiple origins. (This is sometimes called ephemeral fingerprinting, although it's a pretty distinctly different technique from what we typically call browser fingerprinting.) While the functionality might be important for a top-level site, it might not be important or desirable to communicate to every embedded frame. In thinking about the possibility of fenced frames, for example, or the use of permissions policy to delegate particular functionality to iframes (or exclude functionality from certain iframes), the Web platform sometimes indicates that a capability shouldn't be available to a frame. That was a lot of set-up. The question for the CSS WG is: does CSS have some way, or would you be interested in standardizing some way, to indicate whether media query values (or perhaps other CSS functionalities) should be available to frames or to a particular frame? There might be a privacy/interoperability benefit in aligning permissions that are delegated-or-not to frames with CSS functionality. There could be an opportunity to improve the privacy of media queries or CSS generally and also to mitigate privacy risks when adding new capabilities looking forward. This is my brief summary as co-chair of a discussion in July; it's likely imperfect. Questions or discussion would be welcome, on email, github or at TPAC. Cheers, Nick, for PING folks [0] Okay, it was actually a couple months ago and I got behind on sending this follow-up to you all. Minutes here: https://www.w3.org/Privacy/IG/summaries/PING-minutes-20240718#b-device-posture-api---httpsgithubcomw3cpingprivacy-requestissues136-pete -- Nick Doty | https://npdoty.name Senior Technologist Center for Democracy & Technology | https://cdt.org
Received on Tuesday, 17 September 2024 18:36:01 UTC