You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A common question these days with web APIs is "how does this enable fingerprinting"? I think your existing explainer Privacy considerations section addresses this, but only indirectly. For readers laser-focused on this popular question, it might be worth spelling it out explicitly.
In particular, I believe the argument goes something like:
Yes, when the user affirmatively consents to give access to a device, that gives you extra information about the user. Such as:
The fact that they are willing to give access to a device at all. (At least one bit.)
The specific device identifiers, which---among the set of people who grant Web Serial access---will further narrow down the population.
If the user consents to the prompt repeatedly on multiple different sites, then this allows cross-site joining of those bits.
However, this is very similar to existing APIs which grant a good number of bits behind a prompt. The strongest analogy is to <input type=file>, where giving the site access to a file gives it as many bits as compose the file, and if multiple sites all use <input type=file>, and the user gives them all access to the same file, the sites can can cross-site track the user based on those bits.
The text was updated successfully, but these errors were encountered:
A common question these days with web APIs is "how does this enable fingerprinting"? I think your existing explainer Privacy considerations section addresses this, but only indirectly. For readers laser-focused on this popular question, it might be worth spelling it out explicitly.
In particular, I believe the argument goes something like:
<input type=file>
, where giving the site access to a file gives it as many bits as compose the file, and if multiple sites all use<input type=file>
, and the user gives them all access to the same file, the sites can can cross-site track the user based on those bits.The text was updated successfully, but these errors were encountered: