Re: [Page Visibility] Spec -- privacy concern

For real-world practicality it seems to me that option #2 would be the
best. The users who care enough about it will change it, and I'm sure
organizations (EFF, etc.) could launch support to allow less-technical
users to change it also.

The page/user's privacy is some-what lessened, but the same basic
functionality can be achieved with today's technologies. So, if the
new API does provide a usable interface, and not just feature bloat,
(which I think it does by allowing applications to "idle", big for
performance gains), I would be opposed to leaving it out and force
extra effort onto developers down the line.

On Wed, May 18, 2011 at 18:48, Jatinder Mann <> wrote:
> To recap, the privacy concern is that web applications can better deterministically know whether you are viewing their content then they could have done before. Using window.onfocus and window.onblur already gives a website a good indication of the user presence. Page Visibility will give a slightly more accurate indication of user presence; Page Visibility will correctly return the User agent is visible in the case that it is not minimized and another application is in focus, whereas onfocus and onblur won’t.
> As discussed on today's call, our options are as so:
> (1) Decide that Page Visibility doesn’t significantly increase the privacy issue that is already present,
> (2) Allow User agents to specify a setting to disable Page Visibility APIs,
> (3) Page Visibility should be limited to same-origin unless specified via a meta-tag,
> (4) a combination of options 2 and 3.
> I would argue against option 3. The convention is to allow scripts added to a page via the script tag to have full access to properties on window/document; they are treated as if they were same origin scripts. For example, today a x-domain script added to a page has access to window.onfocus and window.onblur. Likewise, the convention is that same origin iframes have access to window/document and x-domain iframes do not. We should maintain that convention here.
> I recommend as a working group, we decide between option 1 or 2.
> Thanks,
> Jatinder

Adam Shannon
Web Developer
University of Northern Iowa
Sophomore -- Computer Science B.S.

Received on Thursday, 19 May 2011 00:33:37 UTC