Privacy considerations #777
Comments
|
I suppose https://www.w3.org/TR/security-privacy-questionnaire/#minimum-data is applicable and the answer is "legacy", but I don't think it's a privacy issue. |
|
I'm saying that I'm not really sure what a Privacy section for DOM would say. I'm not sure if it had privacy review, but in terms of self-review I suppose I have done some of that. |
|
@annevk Are you saying that there are no privacy-sensitive aspects to the DOM that have changed recently? Or that such a review has been done, but elsewhere? In general, the request from PING is that, for functionality that has been recently added to the standard, can you answer the questions on the linked to security and privacy questionnaire. What new functionality has been provided to pages, if the group has considered whether a subset, or more privacy-preserving version of that functionality, would be sufficient, and if not, how the current level was selected, etc. If though, the issue is just choosing the "changed since" date for comparison, and thats whats not clear, I'm happy to make a suggestion, given the edit / revision history of the document, but maybe changes since the Memorandum of Understanding would be a good jumping off point. WDYT? |
|
I'm saying that I'm not aware of anyone having done such a review, ever. Or if they have, no issues were filed as a result. No changes since the W3C MoU were privacy-relevant afaict. The only somewhat problematic answer I can imagine is that for some primitives there's multiple ways to get to them, mostly due to how the web evolved. That's not really fixable. But then again, having |
|
Hi @annevk i see, this is all useful. After re-reading the spec, and reminding myself whats in the HTML spec (which has lots of privacy relevant stuff, of course) and whats covered by the DOM spec, I see your point, that the privacy and security sections probably aren't needed (so this also applies to #776) One last thing that'd be helpful for us though, in thinking through how to do future DOM reviews (since DOM and HTML are unique balls of wax re W3C), is there anything you could point us to / share with us about how the group thinks through the privacy and security aspects of the standard? Do you have implicit guidelines, or firm rules, or anything like that that guides the group's work? Thanks for working through this with us |
|
I don't think there's anything formalized, but https://wiki.mozilla.org/Security/Anti_tracking_policy and https://webkit.org/tracking-prevention-policy/ come to mind as well as not introducing new same-origin policy violations, or adding features for which no meaningful end user consent can be obtained. |
|
Thanks annevk. @samuelweiler and @Snyder unless you say otherwise by end of 31 October, we'll assume this satisfactorily concludes the privacy review of the DOM Standard review draft (ahead of its transition to CR). |
|
Thanks on both counts!
|
Would you add a section summarizing areas of privacy interest within the DOM spec?
The below document might be of help:
https://www.w3.org/TR/security-privacy-questionnaire/
The text was updated successfully, but these errors were encountered: