- From: Sauski <notifications@github.com>
- Date: Thu, 14 Jan 2021 09:33:30 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 14 January 2021 17:33:43 UTC
I think it’s worth revisiting this, to see if the changes proposed in PR #873 (support for requesting the entire address directly however removed) can be included in the earlier version of the specification. It feels wrong to introduce a spec that reduces how good a good actor can be over the current state. If a site previously made the decision to limit the address data it attempted to collect then we should be supporting that behavior and enabling it to continue. In concert with this, absent any well defined, UA managed, incentives for sites to request less than the maximum possible information, it seems that the spec should aim to make the most private option the path of least resistance. Introducing an intermediate state that is the combination of the least effort and least private option, then later attempting to persuade the ecosystem away from that position by offering a higher effort & higher privacy option, seems more challenging than simply avoiding offering the possibility in the first place. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/842#issuecomment-760347638
Received on Thursday, 14 January 2021 17:33:43 UTC