Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Try using the privacy principles to analyze the Environment Integrity API proposal #271

Open
jyasskin opened this issue May 17, 2023 · 4 comments
Assignees

Comments

@jyasskin
Copy link
Collaborator

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md is a proposal to allow users to prove to websites that they're using a trustworthy device. This is somewhat similar to Safari's Private Access Tokens. The explainer speculates about also proving that the user is running a particular user agent, but that's not a definite part of the proposal yet.

An obvious downside of such a system, especially if user agent identity is included, is that sites might require that users use particular "trustworthy" operating systems or user agents in order to browse those sites. To combat that, the explainer suggests that a fraction of devices could refuse to prove their own software stack, even if they technically could do so. Such a "holdback" would be good for users of minority operating systems and browsers, and probably good for the web as a whole. However, it would likely mean that the particular held back users would see more CAPTCHAs or other bot-prevention UI, which would be bad for those users. Is that an example of the UA being disloyal? If so, do we want the Privacy Principles to say that this disloyalty breaches a duty that UAs owe to their users?

@domfarolino
Copy link

Per the loyalty definition:

and instead benefits another actor

Who would the other actor be that benefits from the holdback, if not the user?

@jyasskin
Copy link
Collaborator Author

Other users benefit.

@domfarolino
Copy link

I see. I guess I considered all "users" to be the same actor here, since the current user may move in and out of the holdback group over long periods of time and become indistinguishable from the rest at some point, and the holdback/extra "processing" exists to help all of them. I could just be holding the terms wrong though!

@darobin darobin self-assigned this Oct 25, 2023
@darobin
Copy link
Member

darobin commented May 8, 2024

We are considering moving UA parts out of the this document, after the statement. This analysis should be part of it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants