Re: [Page Visibility] Spec -- privacy concern from Adam Shannon on 2011-05-14 (public-web-perf@w3.org from May 2011)

From: Adam Shannon <adam@ashannon.us>
Date: Fri, 13 May 2011 20:06:26 -0500
To: Kyle Simpson <getify@gmail.com>
Cc: Sreeram Ramachandran <sreeram@google.com>, public-web-perf@w3.org
Message-ID: <BANLkTikX7ap5256u7=-LoPUPayAdUHcdJA@mail.gmail.com>

I probably should have said this earlier on the beginning discussions
of the visibility talks, but I was always confused when it seemed like
we were just adding abstractions to the current API.

In respect to allowing third-parties (commonly advertisers) more
access to what the browser/user is specifically doing, I'm opposed to
that on philosophical backgrounds. However, I do see the usage for the
API, and surely vendors can implement settings [which attempt] to
mitigate malicious use.

On Fri, May 13, 2011 at 19:44, Kyle Simpson <getify@gmail.com> wrote:
> I'm not entirely certain the answer to your question... but I'd submit that
> if such functionality exists and is truly reliable and represents the same
> visible/hidden states we're discussion, then on principle why are we
> creating a new event/state property for something that already exists?
>
> If they aren't the same thing, then `blur`/etc must necessarily be a subset
> of the proposed new functionality, so it by definition introduces new
> potential privacy leaks.
>
> --Kyle
>
>
>
>
> --------------------------------------------------
> From: "Sreeram Ramachandran" <sreeram@google.com>
> Sent: Saturday, May 14, 2011 2:06 AM
> To: "Kyle Simpson" <getify@gmail.com>
> Cc: <public-web-perf@w3.org>
> Subject: Re: [Page Visibility] Spec -- privacy concern
>
>> On Fri, May 13, 2011 at 16:50, Kyle Simpson <getify@gmail.com> wrote:
>>>
>>> One major privacy concern I (and others I chatted with on Mozilla's
>>> #developers IRC) have is that third-party scripts (like ad providers,
>>> etc)
>>> would be able to monitor this type of data (page visibility) and gain
>>> valuable (to them!) information which a user might not want them to have,
>>> such as how long I stay viewing a page, etc.
>>
>> Doesn't this privacy concern also apply to other existing mechanisms,
>> such as window.onblur/onfocus/onpageshow/onpagehide? It's not clear to
>> me that the visibility API introduces additional privacy-violating
>> capabilities on top of those.
>>
>
>



-- 
Adam Shannon
Web Developer
University of Northern Iowa
Sophomore -- Computer Science B.S.
http://ashannon.us

Received on Saturday, 14 May 2011 01:07:15 UTC