- From: Marcos Cáceres <notifications@github.com>
- Date: Tue, 30 Apr 2024 23:10:40 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/pull/1114/review/2033096785@github.com>
@marcoscaceres commented on this pull request.
> @@ -816,18 +817,29 @@ <h3>
This can be useful for analytics and possibly other customizations.
However, it is also conceivable that developers could encode
strings into the start_url that uniquely identify the user (e.g., a
- server assigned <abbr>UUID</abbr>). This is fingerprinting/privacy
- sensitive information that the user might not be aware of.
+ server-assigned <abbr>UUID</abbr> such as `"?user=123"`,
+ `"/user/123/"`, or `"https://user123.foo.bar"`). This is
+ fingerprinting/privacy sensitive information that the user might
+ not be aware of.
+ </p>
+ <p class="note">
+ It would be irresponsible for a developer to use the [=start URL=]
+ to include information that uniquely identifies a user, as it would
+ represent a fingerprint that is not cleared when the user clears
+ site data. However, nothing in this specification can practically
+ prevent developers from doing this.
```suggestion
prevent developers from doing this. Similarly, nothing in this specification prevents user agents from identifying
and stripping out unique identifiers start URLs.
```
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1114#pullrequestreview-2033096785
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/manifest/pull/1114/review/2033096785@github.com>
Received on Wednesday, 1 May 2024 06:10:44 UTC