Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should Be Opt-In: Introduces privacy harm with no direct browser-user benefit #1

Open
pes10k opened this issue Dec 25, 2019 · 1 comment
Open

Should Be Opt-In: Introduces privacy harm with no direct browser-user benefit #1

pes10k opened this issue Dec 25, 2019 · 1 comment
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@pes10k
Copy link

pes10k commented Dec 25, 2019

Moving comments over from w3c/reporting#169

In general, this API should be opt-in.

  1. This introduces privacy harm, in that it opens up new channels for communication between the site and potentially 3rd parties, over types of information not currently easily captured.
  2. This should be opt in, since the primary beneficiary is the web site, and not the web user.
  3. These reports are particularly user-hostile, since the whole point of many interventions is that the user is trying to hide information from the site they're visiting (and the included 3 parties)
  4. What information would be added to the WebExtension layer to allow extensions or similar to block Depreciation reports (independent of other POSTs / reports)?
@pes10k pes10k mentioned this issue Dec 25, 2019
Open
@jyasskin jyasskin mentioned this issue Dec 26, 2019
Open
@shwetank
Copy link

I would interested to know the use cases for having this, which are not solved using existing methods (for example, for geolocaton, looking out for the PositonError values etc - similar for other Web APIs requesting user permisson).

Also, reporting URI should be limited to same origin as the page.

Also, second point 4 - Info and capability should be added to have browser extensions to block these intervention reports.

@plehegar plehegar added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label Feb 10, 2020
@samuelweiler samuelweiler mentioned this issue Dec 3, 2020
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shwetank @pes10k @plehegar