RE: [Page Visibility] Spec -- privacy concern

To recap, the privacy concern is that web applications can better deterministically know whether you are viewing their content then they could have done before. Using window.onfocus and window.onblur already gives a website a good indication of the user presence. Page Visibility will give a slightly more accurate indication of user presence; Page Visibility will correctly return the User agent is visible in the case that it is not minimized and another application is in focus, whereas onfocus and onblur won’t.

As discussed on today's call, our options are as so: 

(1) Decide that Page Visibility doesn’t significantly increase the privacy issue that is already present, 
(2) Allow User agents to specify a setting to disable Page Visibility APIs, 
(3) Page Visibility should be limited to same-origin unless specified via a meta-tag, 
(4) a combination of options 2 and 3.

I would argue against option 3. The convention is to allow scripts added to a page via the script tag to have full access to properties on window/document; they are treated as if they were same origin scripts. For example, today a x-domain script added to a page has access to window.onfocus and window.onblur. Likewise, the convention is that same origin iframes have access to window/document and x-domain iframes do not. We should maintain that convention here.

I recommend as a working group, we decide between option 1 or 2. 


Received on Wednesday, 18 May 2011 23:48:58 UTC