Re: [w3c/payment-method-basic-card] Don't redact phone number from billingAddress (#80)

If I understand the proposal right, this would make it default behavior, and site controlled behavior, to send phone numbers anytime users are using basic card.  That would mean that using the payment API would expose more (and extremely sensitive) information to sites, in a way thats determined by the site.

This seems pretty extremely un-user serving, and building the browser defaults to fulfill the site needs over user interests.  If sites want the users phone number (a data point unrelated to credit cards), they should ask directly, not get it by way of taking a payment.

Strong, strong vote in favor of *NO* here.  Anything that ties the payment API to "requiring the user to share more information with the site" than current form-based-options aught to be a non-starter.  And equally the same for APIs that make it easier for users to share sensitive information without realizing it.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/pull/80#issuecomment-505227603

Received on Tuesday, 25 June 2019 00:14:49 UTC