Re: [w3c/payment-request] Changes resulting from 28 February PING privacy review (#843)

@ianbjacobs 
> That was one of the suggestions from the call that made it into the pull request: to limit in the face of multiple calls with different parameters from the top-level browsing context. Are there concrete text suggestions you have for making that clearer?

I see the "For example, a user agent may restrict the number of successful calls that can be made based on the top-level browsing context" text.  I'm not sure I understand the "successful calls" text there.  What's an "unsuccessful" call?  If "unsuccessful" means `canMakePayment` returns false, then merely rate-limiting on "successful" calls won't do much to reduce its finger-print-ability.  Apologies if I'm misunderstanding, but could you explain / clarify what's meant here?

> A related topic (outside of Payment Request API) involves device fingerprinting (through JavaScript and other mechanisms). Our ongoing discussions in the working group involve topics like how to manage user privacy preferences with demands for data from risk engines.

Great!  Where is the best place to stay up to date on these discussions?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/843#issuecomment-469418164

Received on Monday, 4 March 2019 20:56:19 UTC