Re: [webauthn] Add a method to get all the credentials for a rely party on the client device to support the rely party (website) to limit the number of accounts a user can register (#2222) from Emil Lundberg via GitHub on 2025-01-13 (public-webauthn@w3.org from January 2025)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 13 Jan 2025 12:06:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2586928513-1736769967-sysbot+gh@w3.org>

I'd just like to add for the record:

> I think we should not emphasize the user privacy too much.

This sentiment is directly contradicted by [W3C Ethical Web Principles §2.5. The web is secure and respects people's privacy](https://www.w3.org/TR/ethical-web-principles/#privacy):

>When we add features to the web platform, we are making decisions that impact people's ability to control their personal data. This data includes their conversations, their financial transactions and how they live their lives. We will start by creating web technologies that create as few potential threats to web users as possible, and mitigate the threats that we cannot avoid. We will make sure people understand what risks they are taking when they use the web.

Which is why this W3C working group prioritizes user privacy over RP convenience.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2222#issuecomment-2586928513 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 13 January 2025 12:06:09 UTC