Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

autocomplete=device-eid and =device-imei #1002

Closed
saschanaz opened this issue Mar 19, 2024 · 3 comments
Closed

autocomplete=device-eid and =device-imei #1002

saschanaz opened this issue Mar 19, 2024 · 3 comments
Assignees
@zcorpan
Labels
position: negative

Comments

@saschanaz
Copy link
Contributor

Request for Mozilla Position on an Emerging Web Specification

Other information
@jgraham
Copy link
Member

jgraham commented Mar 20, 2024

According to the filed issue:

It's not expected that general purpose user agents support autofill for these identifiers.

We expect these to be useful in select operating system or trusted application flows whereby the operating system can guarantee the information is shared, provided the user consents, with a trusted party.

It's unclear to me what exactly is meant by "operating system or trusted application flows" here. In general it seems like there are two possibilities:

  • This includes web sites i.e. things that can be reached in a general purpose web browser via a URL. In this case it's not obvious how trust is being assigned to these websites, or why general purpose web browsers aren't expected to implement the proposal.

  • This is exclusively for non-web use cases that happen to be using HTML.

In the former case it sounds like an obvious compatibility hazard to attempt to standardise features that are only intended to work in some user agents. In the latter case, it seems out of scope for WHATWG. In particular the workstream document describes the scope of HTML as (emphasis mine):

A kitchen sink full of technologies for the web, including the core markup language for the web, HTML, as well as numerous APIs like Web Sockets, Web Workers, localStorage, etc.

This suggests to me that if the proposal isn't for general web use it also isn't suitable for inclusion in HTML.

@annevk
Copy link
Contributor

annevk commented Mar 20, 2024

The autofilling aspects need a fair amount of guardrails given the sensitivity of the data, but in principle the mechanism can work in general purpose user agents and it's definitely expected to be implemented by websites you can reach via a URL.

@zcorpan zcorpan self-assigned this Apr 8, 2024
@zcorpan
Copy link
Member

zcorpan commented Apr 11, 2024
edited
Loading

We think this proposal would set a precedent of adding a privacy-sensitive feature to HTML that don't apply to general-purpose UAs. Your comment above says it could be implemented in a general-purpose UAs, but based on the text
@jgraham quoted it seems there's no such plan.

If such a plan materializes, we can reevaluate.

@zcorpan zcorpan closed this as completed Apr 11, 2024
@zcorpan zcorpan mentioned this issue Apr 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zcorpan zcorpan

Labels
position: negative
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zcorpan @jgraham @annevk @saschanaz