- From: Marcos Cáceres <notifications@github.com>
- Date: Sun, 08 Sep 2019 21:34:44 -0700
- To: w3c/gamepad <gamepad@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 9 September 2019 04:35:06 UTC
Discussed this with @sagoston, I wonder if we can do this incrementally: Presumedly, we have `.id` being exposed to a third-party via iframes, allowing `id` to become a fingerprinting vector for trackers.
So what if we added a feature policy to prevent third parties from accessing game pads unless the top-level document explicitly says it's ok? That would mitigate **some** of the privacy concerns and limit some of the damage.
We could then look at minting session-based identifiers for devices on a per origin basis (could just be 1-N). That would allow connection/disconnection of game pads, while providing a stable identifier for each game pad.
We could then look at adding a richer set of gamepad info, but we could gate it on a permission + user gesture.
That would leave the user in control of sharing a rich set of details about the game pad. The site could then explain why it needs that information ("to effectively map the game buttons" or whatever).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/gamepad/issues/73#issuecomment-529296106
Received on Monday, 9 September 2019 04:35:06 UTC