Re: [w3c/payment-request] Suggested emphasis of privacy protections (#628) from Marcos Cáceres on 2017-09-21 (public-webpayments-specs@w3.org from September 2017)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 21 Sep 2017 05:29:05 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/pull/628/review/64181433@github.com>

marcoscaceres commented on this pull request.



> @@ -3320,6 +3320,11 @@
           The <a>user agent</a> MUST NOT share information about the user with
           a developer (e.g., the shipping address) without user consent.
         </p>
+        <p>
+          The <a>user agent</a> MUST NOT share sales information beyond the payment

> Sorry, but the word consent hasn't worked in protecting privacy. It's been a total failure. For example cookies and tracking.

There, absolutely. But here it's fairly well guarded because all implementations have good UIs in place. 
 
> There should be no need for the payment request api to ever include this information in the requests for payment.

This may not necessarily be true. I could have a "budget app" that I actually want to pass this kind of information into. If I, as a user, trust the budget app, then I should be able give my consent for the display items to be passed along, no? 

Here is a real world example. I buy a lot stuff from eBay, and pay with PayPal... I (perhaps foolishly?) trust PayPal with the display items, and those show up in my receipt:

![screenshot 2017-09-21 15 24 32](https://user-images.githubusercontent.com/870154/30680137-54276006-9ee1-11e7-9567-03060305fe57.png)

Here is another one... I got a message while on vacation, and paid with Square. I again (perhaps foolishly?) trust Square wit the display item ... though I never agreed to them having that information: 

![screenshot 2017-09-21 15 26 06](https://user-images.githubusercontent.com/870154/30680139-578eb6e0-9ee1-11e7-8d4d-7b8bde70575b.png)

What we are proposing for this spec is better - because it puts the user in control: be requiring consent, the user can say via the browser "never send my displayItems to X". And I think that's pretty awesome, from a privacy perspective (much better than PayPal and Square getting that stuff by default). 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/628#discussion_r140151829

Received on Thursday, 21 September 2017 05:29:27 UTC