- From: L. David Baron <notifications@github.com>
- Date: Wed, 31 May 2017 14:44:47 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 May 2017 21:45:23 UTC
I'm curious what considerations led to the decisions about how much to expose about whether the sharing succeeded. In particular: * what's the value of [exposing](https://wicg.github.io/web-share/#dom-navigator-share) whether the user chose to share somewhere or cancelled, relative to the violation of any privacy expectation the user might have (that is, the user might not expect that whether they've chosen something at the choice of applications gets exposed back to the Web page) * are there possible share targets where success or [failure starting the target or transmitting the data](https://wicg.github.io/web-share/#dom-navigator-share) might leak other information about the user's configuration? (For example, if there were a common share target that failed if the user's username in that system plus the length of the share target were greater than 140 characters, then it would be possible to extract the length of the user's username.) Or is that intended to be avoided by the provisions about how [declining to receive the data](https://wicg.github.io/web-share/#h-share-targets) must happen immediately? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/179#issuecomment-305326710
Received on Wednesday, 31 May 2017 21:45:23 UTC