Re: [w3ctag/design-reviews] Specification review for fenced frames (Issue #838)

> We are concerned that some of the use cases described might be considered abuse cases in some situations. The payment case raised, for example, involved the presentation to a user of a newly visited site of information that could make them erroneously believe that they had been to the site before.

What's the user harm you're imagining would be caused in these cases? What's the incentive for that abuse? Are there any examples of such abuse enabled by third-party cookies in the last ~30 years?

> Presently, websites cooperate with the browser to keep information that is jointly held by sites and the browser as private from other websites. Fenced Frames introduce a case where websites might cooperate to attack information that is held by the browser as private.

Could you elaborate on that? I'm failing to translate that to Fenced Frames in particular and to the web's threat model in general.
How are websites today cooperating with the browser to keep information private? What browser private information would fenced frames allow websites to attack?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/838#issuecomment-2235727185

Message ID: <w3ctag/design-reviews/issues/838/2235727185@github.com>

Received on Thursday, 18 July 2024 06:31:57 UTC