Re: [w3c/browser-payment-api] Why another API? (#203)

Imho, there is exactly one real social value provided by a browser API over payment apps using existing methods, like browser extensions. 

At some point, the user must choose what payment app with which to pay.  If we've no browser API, then that means payment apps must somehow notify the merchant that they are installed, which leaks one bit of identifying information per likely payment app.  This is bad.

In that scenario, a browser vendor wishing to protect user privacy, like say the Tor Project, should attempt to protect user privacy by pre-installing all the good payment apps that protect user privacy, and preventing the installation of any bad ones.  This sounds like a big mess. 

It's true browsers leak [far more information](https://panopticlick.eff.org/) like fonts, window dimension, etc., but browser vendors who actually care about privacy can reduce this.  Tor Browser does so.  And some main stream ones might be improving.  In any case, we do not want payment apps making this worse. 

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/203#issuecomment-220804254

Received on Saturday, 21 May 2016 22:43:23 UTC