- From: Shivani Sharma <notifications@github.com>
- Date: Wed, 27 Nov 2024 08:04:24 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 27 November 2024 16:04:28 UTC
> > One might argue that the proposal is ok because it just allows websites to give their users false beliefs, and a user has to still separately consent before their private information is released, but as far as we can tell, identities can be joined as soon as the user clicks, which isn't sufficient for the browser to know they've consented. Even if there were a separate consent screen, its task seems very difficult, needing to both explain what the user's being asked to consent to, and override anything the user's been convinced to believe about what information the site already has. > Could you elaborate on the understanding that a click would be sufficient for identities to be joined with the fenced frames solution? It's an explicit design goal to not be able to exfiltrate the data read within the fenced frames to the embedding page or to the network. Post-click, the embedding context knows there was a click and the action they take would be independent of what was displayed in the fenced frame, e.g. opening a new pop-up or invoking PaymentHandler etc. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/975#issuecomment-2504251335 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/975/2504251335@github.com>
Received on Wednesday, 27 November 2024 16:04:28 UTC