Re: [w3c/payment-request] Suggested emphasis of privacy protections (#628)

> @ianbjacobs I think we need to carve some time out for this at TPAC. 

If we go to crazy with this we will end up exactly where we are now: with the spec saying nothing. Let's accept the minimal of what we can get away with (and what's most realistic, and is better than the current status quo in the wider market). 

I think all implementers are already doing the right thing and not sharing this information with third party apps - so to make this an issue, when it's not actually an issue, risks upsetting people unnecessarily on what is already a super sensitive topic. 

I think best we can do is really try to educate people as to why it's a really terrible idea to share `displayItems` from a privacy perspective - and I think everyone in the working group already knows why, because they are all in the fintech industry (and if someone does it in the future, they ask the user if it's ok, and let them turn that off) - but that's pretty much all we can really do here.   


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/628#issuecomment-331364616

Received on Friday, 22 September 2017 06:46:11 UTC