
Rewrite privacy considerations on fingerprinting in start_url #1114

Merged: 4 commits from privacy-no-must into w3c:main, May 2, 2024

Conversation

mgiuca (Collaborator) commented Mar 7, 2024

Closes #1113

This change (choose at least one, delete ones that don't apply):

  • Adds new normative recommendations or optional items

(No implementation commitment required as it adds a MAY requirement.)

Commit message:

Rewrite privacy considerations on fingerprinting in start_url.

There is a "MUST NOT" requirement for developers about putting user data
in the start_url. This is not enforceable, so rewriting the paragraph:

1. Removed this requirement for developers.
2. Added a non-normative note that tells developers it would be
   irresponsible to do this (but acknowledging that we can't practically
   prevent it).
3. Added a MAY requirement for user agents to offer to uninstall apps
   associated with an origin when clearing site data.

Preview | Diff
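A worked check for the concern described in this PR, added here as an example and not code from the w3c/manifest spec or this PR: it resolves start_url with the spec's same-origin fallback, flags query or fragment parts that look like per-user identifiers, and lists the installed apps on an origin whose site data is being cleared (the new MAY requirement). The key list, value patterns, manifest URLs and installed-app records are assumptions constructed for the example.

```javascript
// Added example, not code from the w3c/manifest spec or this PR: a linter for the
// start_url privacy concern above, plus the "clear site data" companion check.
// All sample manifests and installed-app records below are constructed.

// Parameter names that typically carry per-user or tracking data (assumed list).
const USER_DATA_KEYS = /^(uid|user(_?id)?|session|sid|token|auth|email|utm_.*)$/i;
// Values that look like opaque identifiers: long hex, UUID, or base64url-ish.
const OPAQUE_VALUE = /^(?:[0-9a-f]{16,}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|[A-Za-z0-9_-]{20,})$/i;

// Resolve start_url as the spec's processing does: parse against the manifest
// URL; fall back to the document URL if missing, unparseable, or cross-origin.
function resolveStartUrl(manifest, manifestUrl, documentUrl) {
  const doc = new URL(documentUrl);
  if (typeof manifest.start_url !== 'string') return doc;
  let url;
  try { url = new URL(manifest.start_url, manifestUrl); } catch { return doc; }
  return url.origin === doc.origin ? url : doc;
}

// Flag query/fragment parts that look like per-user data, i.e. what the
// non-normative note added in this PR tells developers not to put there.
function auditStartUrl(manifest, manifestUrl, documentUrl) {
  const url = resolveStartUrl(manifest, manifestUrl, documentUrl);
  const findings = [];
  for (const [key, value] of url.searchParams) {
    if (USER_DATA_KEYS.test(key)) findings.push(`query "${key}" names per-user data`);
    else if (OPAQUE_VALUE.test(value)) findings.push(`query "${key}" carries an opaque identifier`);
  }
  const fragment = url.hash.slice(1);
  if (OPAQUE_VALUE.test(fragment)) findings.push('fragment carries an opaque identifier');
  return findings;
}

// Companion to the new MAY requirement: apps whose start URL is on the origin
// being cleared, so the user agent can offer to uninstall them too.
function appsForOrigin(installedApps, origin) {
  return installedApps
    .filter((app) => new URL(app.startUrl).origin === origin)
    .map((app) => app.name);
}

// Constructed sample data.
const MANIFEST_URL = 'https://notes.example/manifest.webmanifest';
const DOCUMENT_URL = 'https://notes.example/';
const CLEAN = { name: 'Notes', start_url: '/app/?view=inbox' };
const LEAKY = { name: 'Notes', start_url: '/app/?view=inbox&uid=4f2a9c31e7b0d8a6' };
const INSTALLED = [{ name: 'Notes', startUrl: 'https://notes.example/app/' }, { name: 'Other', startUrl: 'https://other.example/' }];
```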

@mgiuca mgiuca requested a review from marcoscaceres March 7, 2024 05:49

mgiuca (Collaborator, Author) commented Mar 7, 2024

@marcoscaceres the change is a bit hard to read because it's based off of #1112 which runs tidy and other changes. The relevant changed section is around line 810.

index.html (outdated):
developer would prefer the user agent load when the user launches the
web application (e.g., when the user clicks on the icon of the web
application from a device's application menu or homescreen).
represents the <dfn data-export="">start URL</dfn> , which is
marcoscaceres (Member) commented May 1, 2024

I'm still a bit worried about exporting "start URL" without an associated thing... could it be:

Suggested change
represents the <dfn data-export="">start URL</dfn> , which is
represents the <dfn class"export" data-dfn-for="installed web application">start URL</dfn> , which is
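Review bot: the replacement line writes `class"export"` without the `=`, so the attribute would not parse as `class="export"` and the definition would not actually be exported; the line should read `represents the <dfn class="export" data-dfn-for="installed web application">start URL</dfn>, which is`. The `data-dfn-for` scoping is the substantive part of the suggestion and addresses the concern raised here that `start URL` was exported with no associated concept.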

And yes, we still need a formal definition of a "web application".....

marcoscaceres (Member):

Actually, seems we have defined "installed web application" 🎉

mgiuca (Collaborator, Author):

This is commenting on a PR that was already submitted (#1112). (It just got caught up in this PR's delta because it wasn't submitted at the time I uploaded this.) I've rebased now, which should make things clearer.

You may be right, but I would like you to put this up as a separate PR if you don't mind. It's a bit complex as I've now got text in manifest-incubations which links to this and will have to be updated when you make this change.

marcoscaceres (Member) left a comment:

Sorry for the delay... some suggestions.

mgiuca and others added 4 commits May 1, 2024 16:21
Rewrite privacy considerations on fingerprinting in start_url. (Commit message as quoted in the PR description above.)
Three further commits, each Co-authored-by: Marcos Cáceres <[email protected]>
@mgiuca mgiuca force-pushed the privacy-no-must branch from a06a6b7 to 3351bdc Compare May 1, 2024 06:22
mgiuca (Collaborator, Author) commented May 1, 2024

Thanks for the review. I've rebased so it's now current against HEAD.

I accepted most of your suggestions, just pushing back against the new sentence about UAs messing with start URLs.

@marcoscaceres marcoscaceres merged commit 2a8fc0a into w3c:main May 2, 2024
2 checks passed
marcoscaceres (Member) commented:

Thanks @mgiuca. I agree that until such time as user agents strip things out (if ever), there is probably no need to mention it. Just as an example, I think mail.app does strip out known identifiers... so there is some precedent.

github-actions bot added commits referencing this pull request May 2, 2024 (SHA 2a8fc0a; pushes by marcoscaceres and dmurph, including one to dmurph/manifest), each Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Issue closed by this pull request (#1113, per "Closes #1113" above): Privacy consideration specifies an unenforceable "MUST NOT" condition on developers