Below is an attempt to write comments on the charter to consider the feedback so far in this thread. It's not clear to me what the right charter changes to suggest for the privacy and fingerprinting issues are; I've made a proposal here, but I'm open to alternative suggestions.
There's also the question of whether these comments should constitute a formal objection to the charter. I think I'm leaning against, but could also be persuaded otherwise. -David ===== We're glad to see the plan to merge Navigation Timing into Resource Timing after level 2 is complete. However, this only partially addresses our concerns about confusing cross-references and monkeypatching between a number of the specifications produced by this working group. It would be good to also see User Timing and Performance Timeline merged into the same set of specifications in the next level. A number of the group's specifications have significant privacy implications: they might provide mechanisms for finding information about what other software is running on the user's computer, whether that's web content in other origins, or entirely separate software. This requires careful consideration of whether these features are safe. It would be good to see the Success Criteria section of the charter both explicitly ask the group to consider these issues, and explicitly say that it is an acceptable result for the group to decide not to release a specification because an acceptable solution for user privacy cannot be found. Likewise, some specifications in the group provide significant additional fingerprinting surface. When they do this, they should explicitly point out that they are doing so, and explicitly allow implementations to take countermeasures. We'd like to see the Success Criteria section of the charter encourage the group to consider fingerprinting explicitly. -- 𝄞 L. David Baron http://dbaron.org/ 𝄂 𝄢 Mozilla https://www.mozilla.org/ 𝄂 Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offense. - Robert Frost, Mending Wall (1914)
signature.asc
Description: PGP signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
