Re: [w3c/browser-payment-api] How are payment apps shared between different browser brands? (#38) from Jeff Burdges on 2016-04-24 (public-webpayments-specs@w3.org from April 2016)

From: Jeff Burdges <notifications@github.com>
Date: Sun, 24 Apr 2016 14:33:38 -0700
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Cc:
Message-ID: <w3c/browser-payment-api/issues/38/214041415@github.com>

I missed this issue before, but I should point out : 

There is a serious security threat in sharing payment app registrations between different browsers and different profiles of the same browsers because people do manage their web exposure by using different browsers.  It's easy to click too far through common menus and accidentally reveal a shipping address to a site that you want to buy from but must not learn your address. 

Examples : 
- It's not so strange to configure different browsers differently, or use browser profiles, for different sorts of activities, like to isolate Google+, Gmail, etc. from Google Maps.
- Anyone using Tor Browser probably has a normal browsers they use in special contexts. 
- It's reasonable to imagine a family machine separating users using browser profiles instead of system users. 

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/38#issuecomment-214041415

Received on Sunday, 24 April 2016 21:34:31 UTC