- From: Simon Pieters <simonp@opera.com>
- Date: Mon, 02 Sep 2013 09:57:12 +0200
- To: "Dirk Schulze" <dschulze@adobe.com>, "L. David Baron" <dbaron@dbaron.org>
- Cc: "www-style@w3.org" <www-style@w3.org>
On Sat, 31 Aug 2013 02:04:59 +0200, L. David Baron <dbaron@dbaron.org> wrote: > If we standardize on a set of colors, I think it would make more > sense to use a set of colors from the default theme of a recent > Windows version than to use the Android/iOS defaults. Works for me. Why do you think that would make more sense? Because the CSS system colors were copied from Windows? > So I think there are two separate privacy/security concerns: > spoofing (presenting fake dialogs to the user that appear to be > real) and fingerprinting (using data that differs between users to > identify them). > > In practice, I'm not that worried about spoofing. Users seem to be > spoofed just fine with screenshots of dialogs. (Perhaps that's a > sign that there's so much non-native-looking UI around that users > have no expectation of native-looking UI.) Though spoofing could > become more of a risk in the future, I suppose. > > The fingerprinting is perhaps more of a real concern, but I think > this is far from the worst fingerprinting vector available in CSS. > (I suspect that's fonts.) I agree. Do you think it is pointless to get rid of weak fingerprint vectors so long as there are stronger fingerprint vectors? -- Simon Pieters Opera Software
Received on Monday, 2 September 2013 07:51:01 UTC