Re: [w3c/payment-request] redact full shipping address from event until payment response (#648)

> What is the goal here though? If the goal is to be more privacy sensitive but you're not redacting part of the post code then you didn't really make much of a change. When I lived in the UK, my post code was unique to me and 4 neighbours. The only variable was the house number between 1 and 5.

Right now, the idea is to not pass along:

* recipient
* phone
* organization
* Possibly the addressLine.  

for `onshippingaddresschange`. The above four literally identify you specifically. In my (Australian) case, my post code corresponds to 13,203 people spanning an area of 5.5km<sup>2</sup> (2.1 sq mi). That offers me some anonymity if I'm trying to check shipping costs or overall price but don't want to go through with the purchase. 

Huge sorry to @zkoch and @rsolomakhin, but I'm going to use Chrome as an example. Here is what Chrome leaks right now on `onshippingaddresschange`: 

![screenshot_2017-12-01_12_17_12](https://user-images.githubusercontent.com/870154/33463433-d3bbf1b4-d691-11e7-9f6c-fc369534c92e.png)

I've also checked, and Edge also leaks the above information to the site (sorry Edge folks 🙏). 

So the goal is to prevent the kind of leakage seen above. Yes, a post code may identify you as 1 in 5 people in the UK, but that's better than 1 in 1. And for much of the world, it does provide a bit of additional protection. 

And yes, when the user hits pay, they reveal the full shipping details, including who it's being shipped to, etc., but that's to be expected by the user. That the browser is passing along all the details every time you pick a new address will likely surprise users - and it's fairly ripe for abuse.  

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/648#issuecomment-348377487

Received on Friday, 1 December 2017 01:46:21 UTC
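The redaction the comment above proposes for `onshippingaddresschange`, worked through as an added example. This is not code from the thread, from the Payment Request spec, or from any browser; it simulates the browser side (redact, then dispatch) and the merchant side (quote shipping, then `updateWith`) in plain JavaScript so it runs outside a browser. Field names follow the `PaymentAddress` interface; the allowlist policy, the `includeAddressLine` knob for the "possibly" case, the sample address and the shipping rate table are all assumptions for illustration.

```javascript
// Added example, not from the w3c/payment-request thread or spec.
// Simulates a browser that redacts a shipping address before firing
// shippingaddresschange, and a merchant handler that only needs the
// coarse fields to quote shipping.

// Fields a merchant plausibly needs to quote shipping. Everything not listed
// is withheld until the user commits to paying. An allowlist is used rather
// than a blocklist so any field added to PaymentAddress later is withheld
// by default instead of leaking until someone remembers to redact it.
// (Assumed policy for this example.)
const SHIPPING_QUOTE_FIELDS = Object.freeze([
  "country", "region", "city", "dependentLocality", "postalCode", "sortingCode",
]);

// Fields the comment says identify a specific person and must not be
// passed along on shippingaddresschange.
const IDENTIFYING_FIELDS = Object.freeze(["recipient", "phone", "organization"]);

// Build the view the merchant sees during shippingaddresschange.
// addressLine is "possibly" redacted in the proposal, so it is a policy knob;
// the default withholds it.
function redactForShippingChange(address, { includeAddressLine = false } = {}) {
  const redacted = {};
  for (const key of SHIPPING_QUOTE_FIELDS) {
    if (address[key] !== undefined) redacted[key] = address[key];
  }
  // addressLine is a sequence<DOMString> in PaymentAddress; keep the shape.
  redacted.addressLine = includeAddressLine ? [...(address.addressLine || [])] : [];
  return Object.freeze(redacted);
}

// Which identifying fields, if any, reached the merchant.
function identifyingFieldsLeaked(seenByMerchant) {
  return IDENTIFYING_FIELDS.filter((k) => k in seenByMerchant);
}

// Constructed sample of the full address a browser holds (the kind of
// record the screenshot above shows being handed to the page today).
const FULL_ADDRESS = Object.freeze({
  country: "AU",
  addressLine: ["12 Example Street"],
  region: "NSW",
  city: "Sydney",
  dependentLocality: "",
  postalCode: "2000",
  sortingCode: "",
  organization: "Example Pty Ltd",
  recipient: "Jane Citizen",
  phone: "+61 2 5550 1234",
});

// Merchant side: quote shipping from country and postal code only.
// Rate table is constructed for the example.
function quoteShipping(address) {
  const domestic = address.country === "AU";
  // Assumed: remote-area surcharge keyed on the postal code prefix.
  const remote = domestic && /^(08|09)/.test(address.postalCode || "");
  const id = !domestic ? "intl-standard" : remote ? "au-remote" : "au-standard";
  const value = !domestic ? "29.00" : remote ? "19.00" : "9.00";
  return {
    shippingOptions: [
      { id, label: `Shipping (${id})`, amount: { currency: "AUD", value }, selected: true },
    ],
  };
}

// Simulated browser: redact, dispatch the event, capture the merchant's
// updateWith() details. Returns what the merchant saw and what it sent back.
function simulateShippingAddressChange(fullAddress, merchantHandler, options) {
  const request = { shippingAddress: redactForShippingChange(fullAddress, options) };
  let update = null;
  const event = {
    target: request,
    updateWith(details) { update = details; },
  };
  merchantHandler(event);
  return { seenByMerchant: request.shippingAddress, update };
}

// Stand-alone run: the merchant quotes shipping without ever seeing
// recipient, phone, organization or the street line.
const result = simulateShippingAddressChange(FULL_ADDRESS, (evt) =>
  evt.updateWith(quoteShipping(evt.target.shippingAddress)),
);
console.log("merchant saw:", result.seenByMerchant);
console.log("leaked identifying fields:", identifyingFieldsLeaked(result.seenByMerchant));
console.log("quoted:", result.update.shippingOptions[0].id);
```

The point of the allowlist is that the merchant handler still works unchanged on the redacted view, because a shipping quote only depends on the coarse fields; the full `PaymentAddress` is only needed once the user commits, which is when the real `PaymentResponse` carries it.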