From 222226d1981faaab99ccfe4d2a61548a8e6be80a Mon Sep 17 00:00:00 2001 From: Daniel Appelquist Date: Mon, 11 Mar 2024 10:18:43 +0000 Subject: [PATCH] Add info to 9.1 ("Use care when exposing identifying information about devices") & change link (#470) * Add info to 9.1 & change link Addresses #398 * Update index.bs Co-authored-by: Amy Guy * Update index.bs Co-authored-by: Amy Guy * Update index.bs Co-authored-by: Martin Thomson * Update index.bs Co-authored-by: Martin Thomson * Update index.bs Co-authored-by: Martin Thomson * Update index.bs Co-authored-by: Martin Thomson --------- Co-authored-by: Amy Guy Co-authored-by: Martin Thomson --- index.bs | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/index.bs b/index.bs index feb6690..cdb28d5 100644 --- a/index.bs +++ b/index.bs @@ -2449,11 +2449,9 @@ So, these are called wrapper APIs. This section contains principles for consideration when designing APIs for devices. -

Use care when exposing identifying information about devices

+

Don't expose unnecessary information about devices

- -If you need to give web sites access to information about a device, -use the guidelines below to decide what information to expose. +In line with the [Data Minimization](#data-minimization) principle, if you need to give web sites access to information about a device, only expose the minimal amount of data necessary. Firstly, think carefully about whether it is really necessary to expose identifying information about the device at all. @@ -2465,15 +2463,16 @@ additional information about a device, or device identifiers, each increase the risk of harming the user's privacy. -One risk is that as more specific information is shared, -the set of +A web app should not be able to distinguish between the user rejecting +permission to use a sensor/capability, and the sensor/capability not being present. + +As more specific information is shared, +the [fingerprinting data](https://www.w3.org/TR/fingerprinting-guidance/) available to sites gets larger. -There are also [other potential risks](https://w3cping.github.io/privacy-threat-model/) +There are also [other potential risks]([[PRIVACY-PRINCIPLES#threats]]) to user privacy. -Issue: Privacy Threat Model is not ready for prime time. - If there is no way to design a less powerful API, use these guidelines when exposing device information:
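Review bot: the first hunk links to `#data-minimization` as a bare local fragment, but no heading with that id is visible in the diff, so confirm the Data Minimization section actually carries that id (Bikeshed will otherwise emit a broken-link warning and readers land nowhere). Renaming the heading from "Use care when exposing identifying information about devices" to "Don't expose unnecessary information about devices" also changes any auto-generated fragment for that section unless an explicit id is kept, so inbound links from other TAG documents and reviews should be checked or an alias added. The new sentence "only expose the minimal amount of data necessary" is immediately followed by "Firstly, think carefully about whether it is really necessary to expose identifying information ... at all"; consider folding the two together so the principle reads as one argument rather than two overlapping statements.

Review bot: in the second hunk the added sentence "A web app should not be able to distinguish between the user rejecting permission to use a sensor/capability, and the sensor/capability not being present" is dropped between the "increase the risk of harming the user's privacy" sentence and the fingerprinting paragraph without saying why it belongs there; a short lead-in stating the reason (a distinguishable denial leaks both whether the hardware exists and that the user chose to refuse, which are additional identifying bits) would connect it to the fingerprinting point that follows. The replacement link `[other potential risks]([[PRIVACY-PRINCIPLES#threats]])` nests a Bikeshed `[[...]]` shortcut inside the URL position of a Markdown link; check the generated output renders this as a working link to the threats section rather than as literal text, and if it does not, use Bikeshed's own section-link syntax directly. Removing the "Issue: Privacy Threat Model is not ready for prime time." block is consistent with dropping the `w3cping.github.io/privacy-threat-model` reference, so that part looks right.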