Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[wg/css] CSS Working Group Charter #477

Open
1 task done
svgeesus opened this issue Aug 13, 2024 · 31 comments
Open
1 task done

[wg/css] CSS Working Group Charter #477

svgeesus opened this issue Aug 13, 2024 · 31 comments

Comments

@svgeesus
Copy link
Contributor

svgeesus commented Aug 13, 2024

New charter proposal, reviewers please take note.

Charter Review

Charter:

If applicable:
diff from previous charter and diff from template

chair dashboard

What kind of charter is this? Check the relevant box / remove irrelevant branches.

  • Existing
  • Existing WG recharter

Communities suggested for outreach:

Known or potential areas of concern:

Where would charter proponents like to see issues raised? CSSWG issue

Anything else we should think about as we review?

Note: proposed chairs should be copied @... on this issue.

@astearns @atanassov

@ruoxiran
Copy link

There is an extra < in section 1. There are no other comments from APA.

@himorin
Copy link

himorin commented Aug 21, 2024

no comment or request from i18n, with great thanks for all of your works!

svgeesus added a commit to w3c/charter-drafts that referenced this issue Aug 26, 2024
@svgeesus
Copy link
Contributor Author

Thanks, typo fixed

@svgeesus
Copy link
Contributor Author

@simoneonofri any security comments? @plehegar any comments from PING?

@simoneonofri
Copy link

Hi, @svgeesus, on the charter, it's indicated the need for Security Considerations, and that's fine.
I'm quickly looking at the various deliverables.

There are quite a few, and in general, as written in the various Security Considerations.

To summarize.

Common Threats / Attacks

Information Disclosure (aka Information Leakage)

on several levels (say Infokeak is a Security-Privacy hybrid threat):

Perhaps we can consider it more at the implementation level, infoleak leading to memory corruption, as is specified Transitions, and it would be useful to specify good standards at the implementation level, as happened on WebGPU?

Tampering Data

If we use STRIDE, we also have Spoof Identity, Repudiation, DoS, and Elevation of Privilege. I'm pondering whether they can be applied to CSS as well, if you think of this model, broadly speaking, can you think of anything? (e.g., for DoS, we often implement limitations so as not to saturate resources)

Security Considerations

Some deliverables:

  • Still need Security Considerations, e.g., CSS Speech Module
  • Have the statement “This specification introduces no new privacy leaks, or security considerations beyond ‘implement it correctly’” e.g., Writing Modes. The directives for correct implementations are specified somewhere, such as in Transforms Module or on Filter Effects? I like this approach.
  • Others indicate “introduces no new privacy leaks, or security considerations,” though in that case, it would be useful to point to “known” ones such as on Geometry Interfaces Module.

@svgeesus
Copy link
Contributor Author

@simoneonofri thank you. As these are comments on individual deliverables it would be helpful to raise them on csswg repo against the relevant spec, so that they don't get lost.

On your more general points:

“introduces no new privacy leaks, or security considerations,”

I hate when people write that, such a bold and unsubstantiated claim. Instead I encourage

No privacy concerns have been raised against this specification
No security concerns have been raised against this specification

In other words statements which are provably true or false.

Some old/unmaintained specs still have one section for both Privacy and Security, or indeed no section at all; I fix these as they get published to /TR.

@simoneonofri
Copy link

simoneonofri commented Aug 31, 2024

@svgeesus thank you for your answer.

In general, I think that raising concerns, it seems more an "external" think, even if this should be a joint work between the specs developer and security experts.

And it can make sense that there are no new considerations, but it can be good a reference to the old one.\

However there are some points maybe we should work on, I'll write to the Strategy Team.

@svgeesus
Copy link
Contributor Author

svgeesus commented Sep 3, 2024

@tjwhalen any comments on this draft charter from a privacy perspective?

@plehegar
Copy link
Member

plehegar commented Sep 5, 2024

PING is not yet fine.

@plehegar
Copy link
Member

plehegar commented Sep 5, 2024

(from PING) There has a batch of issues related to privacy. Was there progress by the CSS WG? In particular on the font fingerprinting front.
Also, media queries did not have a privacy review since 2020. What's the plan to move media queries forward?

@tjwhalen
Copy link

tjwhalen commented Sep 9, 2024

@tjwhalen any comments on this draft charter from a privacy perspective?
To build on @plehegar's comments, based on my quick read and helpful discussion from #privacy-reviews (thx Jeffrey Yasskin):

  • given the concerns around outstanding privacy issues, the charter should be explicit about planned work: which modules do you expect to work on, create new levels of, and/or advance to CR?
  • the charter also should establish a link between the "Classification" in css-2024 through css-2026 and the ED/WC/CR state of the associated specification. In regard to media queries (mentioned above): https://drafts.csswg.org/css-2024/#experimental indicates that most non-CR features aren't intended to be released widely, but it seems to be out of date for media queries: https://caniuse.com/?search=prefers

Thanks for taking time to solicit my comments, particularly as they're at a late stage (and I may be lacking some context, having just shown up!).

@svgeesus
Copy link
Contributor Author

(from PING) There has a batch of issues related to privacy. Was there progress by the CSS WG? In particular on the font fingerprinting front.

Of those 10, six are flagged "close?".

On the font issue, we thought we had broken the impasse between I18n ("doing this breaks the Web for readers of minority languages") and PING ("no increase in fingerprintable entropy is acceptable for any reason") with some new wording that I18n thought was much better, but PING still said no. Effectively, each horizontal group is happy to throw the other group's users under a bus.

I will look into the MQ situation.

@svgeesus
Copy link
Contributor Author

This one

was responded to and the commenter was satisfied in 2022 and is still not closed. While this one

was resolved in 2020 and again, not closed for some reason 4 years later. A bit of tidying up on the PING side would be very welcome.

@svgeesus
Copy link
Contributor Author

Also, media queries did not have a privacy review since 2020. What's the plan to move media queries forward?

The list of changes since the 2021 WD is very small, which is probably why a re-review was not requested. However, perhaps in consequence, it still has one Privacy and Security section. There does not seem yet to be consensus on

I will discuss with @frivoal at TPAC

@svgeesus
Copy link
Contributor Author

I will look into the MQ situation.

I tagged some MQ5 issues with https://github.com/w3c/csswg-drafts/labels/privacy-tracker

@simoneonofri
Copy link

@simoneonofri thank you. As these are comments on individual deliverables it would be helpful to raise them on csswg repo against the relevant spec, so that they don't get lost.

we can catch during the various transition requests

On your more general points:

“introduces no new privacy leaks, or security considerations,”

I hate when people write that, such a bold and unsubstantiated claim. Instead I encourage

No privacy concerns have been raised against this specification
No security concerns have been raised against this specification

In other words statements which are provably true or false.

In general, the issue is, has anyone asked within the WG what are the Privacy and Security Considerations?
It's not easy when you're in the “I'm building something” mode to figure out “what could go wrong,” but in general on the CSS side there's a lot of fingerprinting, as they also pointed out from PING and that also has an impact often at the Security level, particularly when we go to work on the GPU.
Probably a correct statement could be “According to the Threat Model (link to threat model), these are the residual threats we have, or I don't sound new threats compared to the general model.”
Step by step we will get there :)

Some old/unmaintained specs still have one section for both Privacy and Security, or indeed no section at all; I fix these as they get published to /TR.

Thank you!

@svgeesus
Copy link
Contributor Author

Probably a correct statement could be “According to the Threat Model (link to threat model), these are the residual threats we have, or I don't sound new threats compared to the general model.”

I didn't follow the "I don't sound" part. Autocorrect?

@simoneonofri
Copy link

s/sound/found/ :)

@astearns
Copy link
Member

@svgeesus we resolved yesterday to adopt intersection observer

https://log.csswg.org/irc.w3.org/css/2024-09-26/#e1651268

Could you add this to the upcoming charter?

@astearns
Copy link
Member

(support for this move: #457 (comment) )

@svgeesus
Copy link
Contributor Author

svgeesus commented Oct 2, 2024

Could you add this to the upcoming charter?

Will do!

@plehegar
Copy link
Member

plehegar commented Oct 4, 2024

Several of us sat down last week to figure out how to move forward on fonts fingerprinting issue (see also Fonts, Privacy, and Not Breaking the Web). @svgeesus agreed to make a new pull request to attempt to resolve the matter. However, I don't believe the charter has to block on resolving this issue.

@svgeesus
Copy link
Contributor Author

However, I don't believe the charter has to block on resolving this issue.

In that case, @plehegar for this charter review, can we mark the Privacy review as complete?

@plehegar
Copy link
Member

However, I don't believe the charter has to block on resolving this issue.

In that case, @plehegar for this charter review, can we mark the Privacy review as complete?

I don't expect anything else to come from PING at this point. My suggestion would be that we mention this ongoing work when starting the AC review.

@svgeesus
Copy link
Contributor Author

svgeesus commented Nov 5, 2024

Charter now has current deliverables list including Intersection Observer

@plehegar
Copy link
Member

from a Privacy perspective, there is still a concern on the lack of progress on the font fingerprinting issue. looking forward for progress following conversations at TPAC.

@plehegar
Copy link
Member

one minor bit: the text "In order to advance to Proposed Recommendation ," should be updated with the latest charter template. (there might be other things as well)

@svgeesus
Copy link
Contributor Author

one minor bit: the text "In order to advance to Proposed Recommendation ," should be updated with the latest charter template.

Fixed in w3c/charter-drafts@4db4b61

@svgeesus
Copy link
Contributor Author

The list of changes since the 2021 WD is very small, which is probably why a re-review was not requested. However, perhaps in consequence, it still has one Privacy and Security section.

@simoneonofri MQ5 now has separate Security and Privacy sections, and each links to the relevant issues list. w3c/csswg-drafts@e59fec8

@siusin
Copy link

siusin commented Nov 18, 2024

It'd be nice to record changes in this update in the charter history table.

svgeesus added a commit to w3c/charter-drafts that referenced this issue Nov 18, 2024
@plehegar
Copy link
Member

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Development

No branches or pull requests

8 participants