Skip to content

Spec should document fingerprinting and XSLeak risk #42

New issue
New issue
Open
Open
Spec should document fingerprinting and XSLeak risk#42
Labels
privacy-needs-resolutionIssue the Privacy Group has raised and looks for a response on.
@pes10k

Description

@pes10k
pes10k
opened on Feb 22, 2023

This review is part of the requested PING review.

The proposed functionality may increase fingerprinting risk and cross-site information flows, depending on how browsers make autoplay decisions.

If browsers make autoplay decisions based on any of following inputs (incomplete list), the new functionality contributes to fingerprinting risk:

  • a profile/browser setting
  • a global permission setting
  • an OS level setting or feature (e.g., data saving, battery status)
  • etc

If browsers make autoplay decisions based on any of the following inputs (incomplete list), the new functionality may create a new cross-site information flow.

  • whether any media is playing (or has played) on anther page/tab
  • whether the site has instances open on other pages (playing or otherwise)

These are important, privacy-relevant decisions and factors implementors will need to consider, and should be incorporated into the privacy considerations section.

Metadata

Metadata

Assignees

No one assigned

    Labels

    privacy-needs-resolutionIssue the Privacy Group has raised and looks for a response on.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions