Re: [w3c/payment-request] redact full shipping address from event until payment response (#648) from Marcos Cáceres on 2017-11-30 (public-webpayments-specs@w3.org from November 2017)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 30 Nov 2017 03:29:27 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/648/348072174@github.com>

> Would it be worth including that fields critical to calculating shipping costs should not be redacted? If these fields are redacted, it makes the shippingaddresschange hook pretty useless. Of course, this means we'd need to specify which address fields are critical, and that might be an ever-changing set of fields.

This would probably become problematic, because the merchants could just request "all the things" even when they don't need them. Thus, it would put us back in the situation we are in today.

> Agree with @michelle. Redaction of the zip/postal makes it impossible to accurately calculate shipping costs. As @jenan-stripe mentions, partial postal code redaction is still insufficient.

Understood - but this is in contrast to what Apple Pay does, right? The spec can mandate that all fields get returned, but the user agent can still choose not to do that. It's better that the spec reflect reality. We have similar concerns in Mozilla around user privacy... so, it's just a matter of finding the right balance.

To be clear: no one is suggesting specifically saying that we should redact the post code. Just that we get a clear understanding of exactly what is universally critical to calculate the shipping. So, let's do exactly that.

Here is the list of attributes from `[PaymentAddress](https://w3c.github.io/payment-request/#paymentaddress-interface)` - let's work out which are critical (e.g., country), and which are definitely no no (e.g., recipient and phone), or might make no difference (e.g., organization?).

@michelle, @lyverovski, @jenan-stripe, as folks who know most in this area, can you categorize them and give a justification for why they are critical:

* country
* addressLine
* region
* city
* dependentLocality
* postalCode
* sortingCode
* languageCode
* organization
* recipient
* phone

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/648#issuecomment-348072174

Received on Thursday, 30 November 2017 03:29:50 UTC