- From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Jul 2022 16:36:50 +0000
- To: public-webauthn@w3.org
Actually, when calling `credentials.get` with an empty `allowCredentials` list, it shows to me the list of users with `name` and `displayName` but without id/handle! At least, that is how it is on my system: <img width="333" alt="image" src="https://user-images.githubusercontent.com/5452653/177599545-b915fa42-2260-45d4-9e49-59298cc89ef7.png"> After all, listing a bunch of cryptic user id/handles would be quite useless. In such a case, the user would not be able to identify which one to pick. So, to conclude: - current browser implementations **do** expose private information like name/displayName - the user id/handle is not shown (nor do I know any way to access it) ...so I'm kind of puzzled that there are privacy issues for an internal id that's never shown while name/displayName are easely listed without requiring user verification. -- GitHub Notification of comment by dagnelies Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1763#issuecomment-1176438460 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 6 July 2022 16:36:54 UTC