- From: Matt Menke <notifications@github.com>
- Date: Tue, 24 Jan 2023 07:24:10 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 24 January 2023 15:24:23 UTC
The privacy properties are unclear. Is there a single random_oracle() exposed globally, which could then be used to track a user across sites? Are they scoped per-site or per origin? Are these persisted or not? There's mention of this being UI gated, but neither the explainer nor the spec mention the UI, or what triggers it. Does the UI expose whether this feature is available before a user grants permission (e.g., only show a dialog if the feature is available), or is it just for the existence of a security key in general? Or does it reveal nothing? A privacy section in the explainer would make the privacy properties of this proposal much easier to evaluate. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/806#issuecomment-1402127454 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/806/1402127454@github.com>
Received on Tuesday, 24 January 2023 15:24:23 UTC