Re: [w3ctag/design-reviews] Raw Clipboard Access API (#406)

Sorry for the late response. We’ve been in discussions with Chrome privacy/security since then, as well as with @slightlyoff. 

We’ve decided that we may start with a more restrictive API surface, and later reconsider opening things up. As such, we’ll likely gate API use on user activation, via the [user activation API](https://groups.google.com/a/chromium.org/d/msg/blink-dev/nkTDR8AUlwM/xsPcojA5BAAJ), and are taking a deeper look at [Pickling](https://github.com/WICG/raw-clipboard-access/blob/master/explainer.md#alternative-consistent-mime-types-without-re-encoding--pickling). We will likely send out an explainer for Pickling, either as an alternative to Raw Clipboard, or as a supplement. 

Regarding abuse cases, we did mention this in our [design document](https://docs.google.com/document/d/1XDOtTv8DtwTi4GaszwRFIJCOuzAEA4g9Tk0HrasQAdE/edit#heading=h.wfp7lhinseox), which was intended as a longer, more technical (and sometimes Chromium-specific) version of the easy-to-digest explainer, but which unfortunately wasn’t linked at the top of my explainer. 

I originally opted to exclude longer discussions of security and privacy from the explainer and TAG process as the [TAG explainer explainer](https://github.com/w3ctag/w3ctag.github.io/blob/master/explainers.md), which while very helpful, did omit a Security and Privacy section, and was [clear](https://github.com/w3ctag/w3ctag.github.io/blob/master/explainers.md#tips-for-effective-explainers) that this document should be “brief and easy”, but after similar repeated questions, will soon release a more fleshed out security/privacy considerations document.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/406#issuecomment-566777065