I see. I guess I considered all "users" to be the same actor here, since the current user may move in and out of the holdback group over long periods of time and become indistinguishable from the rest at some point, and the holdback/extra "processing" exists to help all of them. I could just be holding the terms wrong though!
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md is a proposal to allow users to prove to websites that they're using a trustworthy device. This is somewhat similar to Safari's Private Access Tokens. The explainer speculates about also proving that the user is running a particular user agent, but that's not a definite part of the proposal yet.
An obvious downside of such a system, especially if user agent identity is included, is that sites might require that users use particular "trustworthy" operating systems or user agents in order to browse those sites. To combat that, the explainer suggests that a fraction of devices could refuse to prove their own software stack, even if they technically could do so. Such a "holdback" would be good for users of minority operating systems and browsers, and probably good for the web as a whole. However, it would likely mean that the particular held back users would see more CAPTCHAs or other bot-prevention UI, which would be bad for those users. Is that an example of the UA being disloyal? If so, do we want the Privacy Principles to say that this disloyalty breaches a duty that UAs owe to their users?