Address privacy issues in P&S explainer #780
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Addressed private browsing modes (resolves immersive-web#750)
toji
requested changes
Aug 5, 2019
There was a problem hiding this comment.
Some formatting and phrasing changes suggested. I'll rely on @NellWaliczek to better evaluate the privacy policies.
NellWaliczek
reviewed
Aug 6, 2019
privacy-security-explainer.md
Outdated
| Specific approaches to mitigating device fingerprinting are up to the user agent who is best equipped to evaluate the actual threat on a given platform using the platform's APIs. | ||
|
|
||
| ### User Profiling | ||
| This explainer prioritizes highly the protection of sensitive user characteristics. If there is a reasonable possibility that a reliable signal for a sensitive characteristic exists for some population of users, then [explicit consent](#explicit-consent) is strongly recommended. For example, [explicit consent](#explicit-consent) is strongly recommended before exposing data that sites might use to reliably infer sensitive user characteristics such as race, gender, or age. |
There was a problem hiding this comment.
"sensitive characteristics" could probably use a stronger, concrete definition. Perhaps in the same initial paragraph regarding "sensitive data"?
There was a problem hiding this comment.
I've updated this to refer to 'demographic' characteristics instead. WDYT?
johnpallett
commented
Aug 8, 2019
privacy-security-explainer.md
Outdated
| Specific approaches to mitigating device fingerprinting are up to the user agent who is best equipped to evaluate the actual threat on a given platform using the platform's APIs. | ||
|
|
||
| ### User Profiling | ||
| This explainer prioritizes highly the protection of sensitive user characteristics. If there is a reasonable possibility that a reliable signal for a sensitive characteristic exists for some population of users, then [explicit consent](#explicit-consent) is strongly recommended. For example, [explicit consent](#explicit-consent) is strongly recommended before exposing data that sites might use to reliably infer sensitive user characteristics such as race, gender, or age. |
There was a problem hiding this comment.
I've updated this to refer to 'demographic' characteristics instead. WDYT?
|
LGTM, but I'll let @NellWaliczek give the final approval and merge. Thanks! |
NellWaliczek
approved these changes
Aug 15, 2019
|
Fixed the typos that Nell caught |
toji
approved these changes
Aug 15, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello! This update to the privacy & security explainer adds more detail about various threat vectors, and explains the principles behind fingerprinting and profiling. It also addresses privacy browsing modes.
Specifically the PR resolves #748 and resolves #750
@NellWaliczek eager to get your feedback!