Re: [w3c/editing] [Delayed Clipboard Rendering] Privacy issue while reading data for web custom types (Issue #439) from snianu on 2023-11-09 (public-webapps-github@w3.org from November 2023)

From: snianu <notifications@github.com>
Date: Thu, 09 Nov 2023 10:25:20 -0800
To: w3c/editing <editing@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/editing/issues/439/1804337293@github.com>

EditingWG meeting minutes:
[17:34] <whsieh> next up: https://github.com/w3c/editing/issues/439
[17:35] <whsieh> snianu: WebKit says "web custom formats are a tracking vector"
[17:35] <whsieh> snianu: discussed this with internal privacy folks
[17:36] <whsieh> snianu: can we allow max 5 custom formats?
[17:36] <whsieh> johanneswilm: is this up to UA, or baked into spec
[17:37] <whsieh> snianu: current proposal is to add to spec
[17:38] <whsieh> smaug: unclear if this addresses anything since you could have app that only reads 1 type of data
[17:39] <whsieh> smaug: doesn't mitigate core issue
[17:40] <whsieh> snianu: if you only have  < 5 types, tracking vector is smaller
[17:40] <whsieh> q+
[17:40] <whsieh> snianu: making it harder for sites to detect
[17:41] <johanneswilm> q+
[17:41] <whsieh> whsieh: not robust to collusion
[17:42] <whsieh> snianu: 5 is just an arbitrary number. maybe we can start with 1?
[17:42] <sanketj_> q+
[17:43] <whsieh> snianu: ack that sites can use the same 5 custom formats to track users across web
[17:43] <whsieh> snianu: it does restrict to small number at least
[17:44] <whsieh> johanneswilm: if you had 1000 custom formats, you could have an app that spams arbitrary types on the clipboard, can't do this kind of spam with only limited number of types
[17:48] --> whsieh_ (~whsieh@7e4e2622.public.cloak) has joined this channel.
[17:48] <johanneswilm> q+
[17:49] <whsieh_> sanketj_: the first time you paste it'll get populated on the clipboard
[17:50] <whsieh_> whsieh: collusion is a problem with custom formats in general, not just the limit
[17:51] <-- whsieh (~whsieh@7e4e2622.public.cloak) has left this server (Ping timeout: 180 seconds).
[17:52] <whsieh_> sanketj_: best thing we can do while still enabling this use case is limit privacy impact
[17:52] <whsieh_> sanketj_: don't allow too many custom formats to be delayed
[17:53] <whsieh_> sanketj_: privacy problems are inherent to API
[17:53] <whsieh_> sanketj_: source app is going to know that custom format was pasted in
[17:53] <whsieh_> *destination*?
[17:53] <whsieh_> johanneswilm: we should continue discussion in the issue
[17:53] <whsieh_> I can ping Anne and discuss offline
[17:54] <whsieh_> johanneswilm: maybe another dedicated meeting slot

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/issues/439#issuecomment-1804337293
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/editing/issues/439/1804337293@github.com>

Received on Thursday, 9 November 2023 18:25:25 UTC