Re: [w3c/manifest] Privacy Review: handle start_url tracking (#399)

@g-ortuno 

The matter is of security/privacy UX, though heavy on the technical side.

While both seem to be vulnerable to this kind of tracking (whether there is a standard way of [triggering](https://gist.github.com/oilvier/70abd45d1f2ffc98b568) add-bookmark in a site-controlled manner, that is streamlined with browser UI, is secondary to this reply), and there are similarities between bookmarks and start_url, start_url is in my view part of something bigger (otherwise we would not need it and bookmarks would suffice). If I understand it right, this bigger thing (PWA) is a new experience of web browsing, and I wonder if current users would be accustomed to it. So it boils down to the qualitative change and touches the browsing experience. On a more technical level:

- bookmarks and manifests are consumed (added) differently
- manifests can deliver a packaged site that is full screen, can well mimic a locally installed application, and so makes the user perceive it in a manner distinct from a site that was added as a bookmark
- while I can foresee how bookmarks will develop in future (I expect no changes to happen), I am not so sure about PWAs, as it seems to be in motion and really benefits from the new platform additions (Push, Notification, to say the least)

@npdoty 
> I think isolating state would be an advantage we could embed in to the design, and it would also substantially limit the risk of surprises from `start_url` identifiers.

Thanks for the lengthy response; agreed, +1'd, and so on. My 5 cents: iOS currently isolates PWAs. So the attack/technique/trick I deploy above does not work on iOS (i.e. the UID works, but no cookie respawn). Whether it's due to deliberate planning (@othermaciej?) or sheer luck is, again, secondary here. But that's quite interesting.

-- 
https://github.com/w3c/manifest/issues/399#issuecomment-482477790

Received on Friday, 12 April 2019 07:58:15 UTC
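As an added example (not code from this thread or from the w3c/manifest project): a small Python audit that flags a manifest's `start_url` when it carries a query string or a random-looking token, which is the per-user `start_url` identifier this privacy review is concerned with. The entropy and length thresholds, the hypothetical manifest URL `https://example.test/manifest.json` and the sample manifests are constructed assumptions, not values from the thread.

```python
"""Heuristic audit of a Web App Manifest's start_url for identifier-like tokens.

Added example, not part of the w3c/manifest project. Thresholds are assumptions.
"""
import json
import math
import re
from urllib.parse import parse_qsl, urljoin, urlparse

# Tokens at least this long, made only of URL-safe characters and with high
# character entropy, are treated as identifier-like (assumed thresholds).
MIN_TOKEN_LEN = 12
MIN_ENTROPY = 3.5  # bits per character; plain words stay below this
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-=.]+$")


def shannon_entropy(s: str) -> float:
    """Shannon entropy of the character distribution of s, in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_identifier(token: str) -> bool:
    """True when token is long and random-looking enough to serve as a per-user ID."""
    return (
        len(token) >= MIN_TOKEN_LEN
        and TOKEN_RE.match(token) is not None
        and shannon_entropy(token) >= MIN_ENTROPY
    )


def audit_start_url(manifest_json: str, manifest_url: str) -> list:
    """Return human-readable findings about the manifest's start_url (empty if clean).

    manifest_url is the URL the manifest was fetched from; start_url is resolved
    against it, as the manifest spec does.
    """
    manifest = json.loads(manifest_json)
    start = manifest.get("start_url")
    findings = []
    if start is None:
        return findings  # absent start_url defaults to the document URL; nothing to audit
    parts = urlparse(urljoin(manifest_url, start))

    # Any query string is worth a look: it is the usual carrier of a tracking ID.
    if parts.query:
        findings.append(f"start_url carries a query string: {parts.query!r}")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if looks_like_identifier(value):
            findings.append(
                f"query parameter {key!r} has a random-looking value "
                f"({len(value)} chars, entropy {shannon_entropy(value):.2f})"
            )
    # IDs can also be hidden in a path segment or in the fragment.
    for seg in parts.path.split("/"):
        if looks_like_identifier(seg):
            findings.append(f"path segment {seg!r} looks like an identifier")
    if parts.fragment and looks_like_identifier(parts.fragment):
        findings.append(f"fragment {parts.fragment!r} looks like an identifier")
    return findings


if __name__ == "__main__":
    # Constructed sample manifests (not from any real site).
    tracked = '{"name": "Demo", "start_url": "/?uid=3f9a8c2e7b1d4e6f"}'
    clean = '{"name": "Demo", "start_url": "/index.html"}'
    for label, body in (("tracked", tracked), ("clean", clean)):
        print(label, audit_start_url(body, "https://example.test/manifest.json"))
```

The heuristic is deliberately coarse: it will miss short numeric user IDs and may flag long random-looking but harmless values, so treat a finding as a prompt to inspect the manifest rather than as proof of tracking.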