Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify predicted events privacy implication #527

Merged
merged 2 commits into from
Nov 6, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1302,7 +1302,7 @@ <h2><dfn>Coalesced events</dfn></h2>
<h2><dfn>Predicted events</dfn></h2>

<p>Some user agents have built-in algorithms which, after a series of confirmed pointer movements,
can make a prediction (based on past points, and the speed/trajectory of the movement) what
can make a prediction (based on the preceding events for the current gesture, and the speed/trajectory of the movement) what
the position of future pointer movements may be. Applications can use this information with
the <a data-lt="PointerEvent.getPredictedEvents"><code>getPredictedEvents()</code></a> method to speculatively "draw ahead" to a predicted position
to reduce perceived latency, and then discarding these predicted points once the actual points
Expand Down Expand Up @@ -1538,6 +1538,7 @@ <h1>Security and privacy considerations</h1>
<p>Pointer events contain additional information (where supported by the user's device), such as the angle or tilt at which a pen input is held, the geometry of the contact surface, and the pressure exerted on the stylus or touch screen. Information about angle, tilt, geometry and pressure are directly related to sensors on the user's device, meaning that this specification allows an origin access to these sensors.</p>
<p>This sensor data, as well as the ability to determine the type of input mechanism (mouse, touch, pen) used, may be used to infer characteristics of a user, or of the user's device and environment. These inferred characteristics and any device/environment information may themselves be sensitive — for instance, they may allow a malicious site to further infer if a user is using assistive technologies. This information can also be potentially used for the purposes of building a user profile and/or attempting to "fingerprint" and track a particular user.</p>
<p>As mitigation, user agents may consider including the ability for users to disable access to particular sensor data (such as angle, tilt, pressure), and/or to make it available only after an explicit opt-in from the user.</p>
<p>This specification defines the method by which authors can access "predicted events". The specification does not, itself, define the algorithms that user agents should use for their prediction. The specification authors envisage the algorithms to only rely on preceding pointer events related to the current gesture that a user is performing. It is the responsibility of user agents to ensure that their specific implementation of a prediction algorithm does not rely on any additional data - such as the user's full interaction history across different sites - that could expose information that could be used to "fingerprint" and track a particular user.</p>
patrickhlauke marked this conversation as resolved.
Show resolved Hide resolved
<p>Beyond these considerations, the working group believes that this specification:</p>
<ul>
<li>Does not expose personally-identifiable information.</li>
Expand Down
Loading