- From: Grisha Lyukshin <notifications@github.com>
- Date: Mon, 07 Jun 2021 10:35:22 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 7 June 2021 17:35:48 UTC
> @gked > > > To be clear, it is not just a random site accessing clipboard content. User will need to give clipboard access to the site through permissions API first. > > I'm not sure I'm convinced that putting something behind a permission by itself is sufficient for something this powerful and potential privacy infringing, especially considering how we have seen egregious gaming of privacy prompts by bad actors (see here: [#337 (comment)](https://github.com/w3ctag/design-reviews/issues/337#issuecomment-561368571)). However, adding a user activation requirement and being the active document in focus (as you've described) **may** provide additional mitigation. I put this on the agenda for this week's TAG calls to discuss further. Are the risks and mitigations documented in the appropriate security & privacy considerations section? If so, can you point me that way? Thank you, looking forward to getting the feedback on this proposal. To your last question, I believe, @snianu has documented privacy and security risks before. Hey @snianu, could you please point @torgo to it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/636#issuecomment-856128580
Received on Monday, 7 June 2021 17:35:48 UTC