This does not change the privacy story nor does it introduce a privacy regression, as cross-origin subframes can currently postMessage() data to the root that the root frame can then use as automatic beacon data. Both the existing capability as well as the proposed changes involve the root fenced frame document and the cross-origin subframe document opting-in to this sharing.
There's a bit of an overloaded terminology that confuses me: when you refer to a cross-origin subframe, are we talking about a cross-origin fenced frame or an iframe? My recollection is that in a fenced frame case, one cannot use postMessage to communicate with its embedder. Having this data sent, if that's the case, would seem to introduce a new information sharing channel. If the subframe here refers to an iframe, then I agree that there's no novel channel. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dd44e2df-31a3-4f22-8d48-7e93384c4e84n%40chromium.org.
