Re: [w3ctag/design-reviews] Fenced frames with local unpartitioned data access (Issue #975)

As I understand it, something happens when someone clicks on the frame.  So there is a difference between an outcome where someone clicks and when someone doesn't.  The embedding context learns about whether there was a click.

If the content shown can affect whether a click occurs, then the embedding context gains information.  In the extreme, you might imagine content in the frame that guarantees a click in one case ("click here to enable this free addon") and guarantees no click in another (leaving the area blank or "click here to agree to something awful"), then the information carried by that click (or absence thereof) is high.  Maybe it's not perfect, because people are often perverse like that, but you have created a means of exfiltration.

https://github.com/WICG/turtledove/issues/990 goes into more detail about the sorts of things you might do to gain information from the human involved.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/975#issuecomment-2504810702

Message ID: <w3ctag/design-reviews/issues/975/2504810702@github.com>

Received on Wednesday, 27 November 2024 21:41:22 UTC