From 9e5938bd0287d734fa55cfe779cb0f62085f2e0e Mon Sep 17 00:00:00 2001
From: Marcos Caceres <marcos@marcosc.com>
Date: Thu, 31 Mar 2016 13:47:33 +1100
Subject: [PATCH] Feat (start_url): add privacy consideration (closes #399)

---
 index.html | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/index.html b/index.html
index e2da9d8f4..30be46b69 100644
--- a/index.html
+++ b/index.html
@@ -1736,6 +1736,27 @@ <h3>
             <samp>https://example.com/start_point.html</samp>.
           </p>
         </div>
+        <section>
+          <h3>
+            Privacy consideration: <code>start_url</code> tracking
+          </h3>
+          <p>
+            It's conceivable that the <code>start_url</code> could be crafted
+            to indicate that the application was launched from outside the
+            browser (e.g., <code>"start_url":
+            "index.html?launcher=homescreen"</code>). This can be useful for
+            analytics and possibly other customizations. However, it is also
+            conceivable that developers could encode strings into the start_url
+            that uniquely identify the user (e.g., a server assigned
+            <abbr>UUID</abbr>). This is fingerprinting/privacy sensitive
+            information that the user might not be aware of.
+          </p>
+          <p>
+            Given the above, it RECOMMENDED that, upon installation, or any
+            time thereafter, a user agent allow the user to inspect and, if
+            necessary, modify the <a>start URL</a> of an application.
+          </p>
+        </section>
       </section>
       <section>
         <h3>