Re: [Page Visibility] Spec -- privacy concern from Kyle Simpson on 2011-05-14 (public-web-perf@w3.org from May 2011)

From: Kyle Simpson <getify@gmail.com>
Date: Sat, 14 May 2011 03:34:36 +0200
To: "Arvind Jain" <arvind@google.com>
Cc: "Sreeram Ramachandran" <sreeram@google.com>, <public-web-perf@w3.org>
Message-ID: <C20D87A1EFD14ED7BD3B6E95FED1F0A2@spartacus>
> Limiting it to same domain would render the API ineffective. One of the 
> goals was for Analytics software to track time spent on a page with higher 
> fidelity, which would not get served. Another goal was for advertisers to 
> know whether their ad was ever shown (or to not play an ads video when the 
> window is not visible). These are both third party content examples.

I haven't ready any such use-cases up to this point -- only ones relating to 
performance. If I have missed that, please direct me to which document 
states such things, as I definitely have some feedback to provide.

This is a web performance working group. I am generally only interested in 
making decisions from a performance perspective, not a "I can think of 
something a third-party might like to have" perspective. That's a wide open 
pandora's box, and if we're discussing those things, I've got a whole bunch 
of stuff I could add onto these proposals as "supporting arguments", or to 
borrow from government, "earmarks" or "pork barrels". But that's certainly 
counter to the spirit of this group, no? Surely those types of discussions 
belong in the greater WHATWG or W3C groups, or web-apps WG, etc.

It's one thing for such a use-case to be raised as (at best) a secondary 
concern (useful only for informational purposes and not principled decision 
making), but if it gets to the point where such arguments sway a decision 
more so than the performance perspective, then I vote "NO" to such proposals 
unequivocally, as I think they have no place in this group (at least as I 
understand its charter). Moreover, security/privacy concerns usually have 
the privilege of trumping performance (and thus also secondary/third-party 
feature request) concerns.

With all due respect, I reject the premise that same-domain limiting is an 
invalid solution to the concerns being raised, simply because such a set of 
(again, at best) secondary concerns might be crippled. Those who are 
advocating on such premises should take their discussion to a group bigger 
in scope than a web performance WG.

--Kyle




From: Arvind Jain
Sent: Saturday, May 14, 2011 2:59 AM
To: Kyle Simpson
Cc: Sreeram Ramachandran ; public-web-perf@w3.org
Subject: Re: [Page Visibility] Spec -- privacy concern


Yes there is additional information being exposed (the case where a window 
loses focus but is still visible). But it seems like a minor addition to the 
existing information available via onfocus/onblur/onload/onunload.


Limiting it to same domain would render the API ineffective. One of the 
goals was for Analytics software to track time spent on a page with higher 
fidelity, which would not get served. Another goal was for advertisers to 
know whether their ad was ever shown (or to not play an ads video when the 
window is not visible). These are both third party content examples.



Arvind


On Fri, May 13, 2011 at 5:44 PM, Kyle Simpson <getify@gmail.com> wrote:

I'm not entirely certain the answer to your question... but I'd submit that 
if such functionality exists and is truly reliable and represents the same 
visible/hidden states we're discussion, then on principle why are we 
creating a new event/state property for something that already exists?

If they aren't the same thing, then `blur`/etc must necessarily be a subset 
of the proposed new functionality, so it by definition introduces new 
potential privacy leaks.

--Kyle




--------------------------------------------------
From: "Sreeram Ramachandran" <sreeram@google.com>
Sent: Saturday, May 14, 2011 2:06 AM
To: "Kyle Simpson" <getify@gmail.com>
Cc: <public-web-perf@w3.org>
Subject: Re: [Page Visibility] Spec -- privacy concern


On Fri, May 13, 2011 at 16:50, Kyle Simpson <getify@gmail.com> wrote:

One major privacy concern I (and others I chatted with on Mozilla's
#developers IRC) have is that third-party scripts (like ad providers, etc)
would be able to monitor this type of data (page visibility) and gain
valuable (to them!) information which a user might not want them to have,
such as how long I stay viewing a page, etc.



Doesn't this privacy concern also apply to other existing mechanisms,
such as window.onblur/onfocus/onpageshow/onpagehide? It's not clear to
me that the visibility API introduces additional privacy-violating
capabilities on top of those.
Received on Saturday, 14 May 2011 01:35:08 UTC