Re: [w3c/push-api] Issue: Change Source of Push Service and Privacy Issues (#258) from Peter Beverloo on 2017-05-11 (public-webapps-github@w3.org from May 2017)

From: Peter Beverloo <notifications@github.com>
Date: Thu, 11 May 2017 06:51:21 -0700
To: w3c/push-api <push-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/push-api/issues/258/300795481@github.com>

Hi Max—could you point to the language that limits a user agent to a single push service? There is no need for a user agent to be limited to a single push service. I know of at least one UA that uses a different push service for particular countries.

We do restrict a Service Worker to an individual subscription, so it's not possible to have subscriptions with multiple push services for given specific Service Worker at once. If the user agent sees a need to switch, they could send a `pushsubscriptionchange` event with updated information.

Could you elaborate on the privacy issue? We require the payloads of all push messages to be encrypted, in a model where the push service explicitly is not trusted. (And thus cannot read the message's contents.) You're right that certain meta-data such as frequency and timing of messages will be known by the push service, but that's almost impossible to prevent.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/258#issuecomment-300795481

Received on Thursday, 11 May 2017 13:51:59 UTC