Wordsmithing for 2025 #69
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomrittervg
force-pushed
the
2025-01-17-tjr-wordsmithing
branch
from
beca6c7 to
37049b7
Compare
This was referenced Jan 17, 2025
npdoty
reviewed
Jan 28, 2025
tomrittervg
force-pushed
the
2025-01-17-tjr-wordsmithing
branch
from
37049b7 to
a5bdb3d
Compare
npdoty
approved these changes
Jan 28, 2025
jyasskin
approved these changes
Feb 6, 2025
| Permanent identifiers or other state (for example, identifiers or keys set in hardware) should typically not be exposed. Where necessary, access to such identifiers would require user permission (however, explaining the implications of such permission to users may be difficult) and limitation to a particular origin (however, server-side collusion between origins will be difficult to detect). | ||
| As a result, your design should not rely on saving and later querying data on the client beyond a user's clearing cookies or other local state. That is, you should not expect any local state information to be permanent or to persist longer than other local state. | ||
| Permanent identifiers or other state (for example, identifiers or keys set in hardware) should typically not be used. Where necessary, access to such identifiers would require user permission and limitation to a particular origin. However even heavy-weight mitigations are imperfect: explaining the implications of such permission to users may be difficult and server-side collusion between origins is typically impossible to detect. | ||
| As a result, your design should not rely on saving and later querying data on the client and expecting it to persist beyond a user clearing cookies or other local state. That is, you should not expect any local state information to be permanent or to persist longer than other local state. |
There was a problem hiding this comment.
No particular change needed in this PR, but we do have features that encourage some local state to persist longer than other state. Passwords in the password manager, especially, but also https://storage.spec.whatwg.org/#dom-storagemanager-persist and https://github.com/WICG/storage-buckets/blob/main/explainer.md help websites give different lifetimes to different state, and I think that's all consistent with privacy.
chrisn
reviewed
Feb 7, 2025
tomrittervg
force-pushed
the
2025-01-17-tjr-wordsmithing
branch
from
d629e5f to
ecd1704
Compare
- Strengthing wording to describe fingerprinting as a threat - Mentioning VPNs as a common privacy tool that does not help - Stripping mentions of plugins. - Mention advances in CSS-based fingerprinting - Mention the differences between client-side fingerprint calculation and server-side - Mention User Gesture - Various other small wordsmiths
tomrittervg
force-pushed
the
2025-01-17-tjr-wordsmithing
branch
from
ecd1704 to
6db14f6
Compare
|
Rebased |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #68
Some of these changes are more syntactic than semantic, I tried to limit those but a few still jumped out to me.
Preview | Diff