Re: [w3c/screen-orientation] Rewrite privacy considerations section (PR #215)

@annevk commented on this pull request.

Thanks, that helps! Only nits remain.

> +      </p>
+      <ol>
+        <li>Restrict the value return by the {{ScreenOrientation/type}}
+        attribute to {{OrientationType/"portrait-primary"}} or
+        {{OrientationType/"landscape-secondary"}} to match the screen's aspect
+        ratio.
+        </li>
+        <li>Always return `0` for the value of the {{ScreenOrientation/angle}}
+        attribute.
+        </li>
+        <li>If the screen orientation changes, only fire the
+          <a data-link-for="ScreenOrientation">change</a> event when the
+          [=current orientation type=] changes from [=portrait=] to
+          [=landscape=], or vice versa. This both protects user's privacy by
+          not revealing how a device is being held, and prevents using the
+          [=secondary=] orientation as a fingerprinting vector.

Should this say "other" since above it wants to use "landscape-secondary"? Or is that a typo above?

> -          The screen orientation type and angle of the device can be accessed
-          with the API specified in this document, and can be a potential
-          fingerprinting vector.
-        </p>
-      </section>
+      <p>
+        A screen's [=current orientation type|type=] and [=current orientation
+        angle|angle=] are a potential fingerprinting vector. To resist
+        fingerprinting (e.g., in private browsing), user agents MAY:
+      </p>
+      <ol>
+        <li>Restrict the value return by the {{ScreenOrientation/type}}
+        attribute to {{OrientationType/"portrait-primary"}} or
+        {{OrientationType/"landscape-secondary"}} to match the screen's aspect
+        ratio.
+        </li>

This still reads a little weird. Can it return one of those or both, but what it returns depends on the aspect ratio? (Presumably the latter.)

> -        </p>
-      </section>
+      <p>
+        A screen's [=current orientation type|type=] and [=current orientation
+        angle|angle=] are a potential fingerprinting vector. To resist
+        fingerprinting (e.g., in private browsing), user agents MAY:
+      </p>
+      <ol>
+        <li>Restrict the value return by the {{ScreenOrientation/type}}
+        attribute to {{OrientationType/"portrait-primary"}} or
+        {{OrientationType/"landscape-secondary"}} to match the screen's aspect
+        ratio.
+        </li>
+        <li>Always return `0` for the value of the {{ScreenOrientation/angle}}
+        attribute.
+        </li>

Shouldn't this be 0 or 90 to match the thing above? Or maybe angle is more complicated in which case this might warrant some further documentation here and in the angle domintro as this would mean you cannot rely on it changing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/screen-orientation/pull/215#pullrequestreview-1140338409
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/screen-orientation/pull/215/review/1140338409@github.com>