Not clear that this is not increasing (passive) information exposure #255
Assignees
Comments
|
Thanks for filing @martinthomson, this is great feedback. I should be able to address it this week or next. |
miketaylr
added a commit
to miketaylr/ua-client-hints
that referenced
this issue
Sep 23, 2021
miketaylr
added a commit
to miketaylr/ua-client-hints
that referenced
this issue
Sep 23, 2021
Otherwise, we get FATAL ERROR: Couldn't load MDN Spec Links data for this spec. Shout out to @birtles for the suggested fix: speced/bikeshed#2045 (comment)
miketaylr
added a commit
to miketaylr/ua-client-hints
that referenced
this issue
Sep 23, 2021
miketaylr
added a commit
to miketaylr/ua-client-hints
that referenced
this issue
Sep 24, 2021
|
I'll also work on #266 based on @martinthomson's feedback on the PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After talking to @yoavweiss and @miketaylr about this I learned that the intent here is not to increase the amount of information that browsers expose to sites. The breadth of information listed in the specification makes it seem like this would be an increase in information for some browsers (Firefox stopped sharing full browser version information a long time ago). Having information like that listed makes it seem like the intent is to make that information consistently available.
I understand that the intent is to provide the same information as previously, with some information maybe being removed (WOW indicators on Windows, for instance, to start with). The document should state that up front.
The specification should also make it clear, for each field, that the information will not be provided if browsers don't want to provide it, which might be the case if the information was not previously available. This is there in S4.1.6, step 2, but it isn't especially prominent.
There are reasons why variations between browser policies for different fields might cause problems, but as this is limited to UA-specific details, it might be acceptable in this case.
Note: Some of our objections to this API are on the basis that the information being provided is both harmful from a privacy perspective and not useful to include. But we do have to acknowledge that the privacy harms in question already exist and that this is an attempt to find a way to remove the offending information in a managed fashion. The goal is to decouple a bunch of interconnected compatibility hazards to make that removal easier. I personally don't think that this gamble will work: people who have a developed a dependency on certain information aren't necessarily inclined to stop using that information, so removal of information is not made easier by this change. My guess is that the result will only be that more bytes are spent (minimally the three default fields) with the only benefit being a modest improvement clarity and reliability for those who move to using the new syntax.
The text was updated successfully, but these errors were encountered: