Re: [w3c/payment-handler] Open Window Algorithm and tracking through 1ps (#351)

> Safari suggested automatically granting requestStorageAccess() calls that are triggered by user gesture, and only prompts if the browser suspects some funny business is going on

I don't see anything about "automatically granting".  The user gesture part is a requirement, but isn't access itself.

> Browser can work with the user to “vet” payment apps that they trust, etc…

The browser doesn't need a long list of new, hard to reason about, hard to compose guesses for when privacy isn't needed.  I appreciate, from your perspective "what's one more little exception", but that is the way that privacy on the platform will continue to crumble; a long list of growing exceptions. 

More specifically, can you say how your proposal for `PaymentRequest.show` differs from the one for `requestStorageAccess`? Are you proposing the exact same algorithm, just with different words in the user prompt? If that's the case, I would be fine with this; but I don't understand how it differs from the original request, to make the payment handler context a standard 3p content. I don't mean any argument, I'm just trying to understand the current suggestion.

> Also because the communication is via Payment Request API instead of the generic postMessage, this leaves room for browser to detect and restrict abuse

Can you say more about this? Any communication channel can quickly be converted to transmit arbitrary data.

https://github.com/w3c/payment-handler/issues/351#issuecomment-555237335

Received on Monday, 18 November 2019 22:23:49 UTC