Re: [w3ctag/design-reviews] Permissions Policy Reporting and Report-Only mode (Issue #909) from Hadley Beeman on 2023-11-20 (public-webapps-github@w3.org from November 2023)

From: Hadley Beeman <notifications@github.com>
Date: Mon, 20 Nov 2023 09:26:19 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/909/1819505201@github.com>

Hi all! We are looking at this in our W3C TAG breakout session today.

We like the general shape of this and definitely understand the value to developers. We do have a few questions:

1. What are the unintended consequences for this API, or potential misuses? We wondered if the report-only mode could be used for fingerprinting the user or their user agent, especially state that the user set.
2. Is the reporting going to a third party? We assume so, but that makes the privacy angle more salient.
3. We appreciate the inclusion of info regarding the privacy implications of reporting on embedded frames — maybe this should go into a security & privacy considerations section in the explainer?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/909#issuecomment-1819505201
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/909/1819505201@github.com>

Received on Monday, 20 November 2023 17:26:25 UTC