Move "fingerprinting vector" definition to Infra Standard

source

@@ -83,11 +83,6 @@
 
    .bad, .bad *:not(.X\58X) { color: gray; border-color: gray; background: transparent; }
 
-   .fingerprint { position: absolute; right: 0; z-index: 5; }
-   @media (max-width: 767px) {
-     .fingerprint { max-width: 35px; }
-   }
-
    .applies .yes, .yesno .yes { background: yellow; }
    .yesno .yes, .yesno .no { text-align: center; }
 
@@ -792,95 +787,6 @@ interface <dfn data-x="">Example</dfn> {
 
 
 
-  <h3 id="fingerprint">Privacy concerns</h3>
-
-  <!-- NON-NORMATIVE SECTION -->
-
-  <p>Some features of HTML trade user convenience for a measure of user privacy.</p>
-
-  <p>In general, due to the Internet's architecture, a user can be distinguished from another by the
-  user's IP address. IP addresses do not perfectly match to a user; as a user moves from device to
-  device, or from network to network, their IP address will change; similarly, NAT routing, proxy
-  servers, and shared computers enable packets that appear to all come from a single IP address to
-  actually map to multiple users. Technologies such as onion routing can be used to further
-  anonymize requests so that requests from a single user at one node on the Internet appear to come
-  from many disparate parts of the network.</p>
-
-  <p>However, the IP address used for a user's requests is not the only mechanism by which a user's
-  requests could be related to each other. Cookies, for example, are designed specifically to enable
-  this, and are the basis of most of the Web's session features that enable you to log into a site
-  with which you have an account.</p>
-
-  <p>There are other mechanisms that are more subtle. Certain characteristics of a user's system can
-  be used to distinguish groups of users from each other; by collecting enough such information, an
-  individual user's browser's "digital fingerprint" can be computed, which can be as good, if not
-  better, as an IP address in ascertaining which requests are from the same user.</p>
-
-  <p>Grouping requests in this manner, especially across multiple sites, can be used for both benign
-  (and even arguably positive) purposes, as well as for malevolent purposes. An example of a
-  reasonably benign purpose would be determining whether a particular person seems to prefer sites
-  with dog illustrations as opposed to sites with cat illustrations (based on how often they visit
-  the sites in question) and then automatically using the preferred illustrations on subsequent
-  visits to participating sites. Malevolent purposes, however, could include governments combining
-  information such as the person's home address (determined from the addresses they use when getting
-  driving directions on one site) with their apparent political affiliations (determined by
-  examining the forum sites that they participate in) to determine whether the person should be
-  prevented from voting in an election.</p>
-
-  <p>Since the malevolent purposes can be remarkably evil, user agent implementors are encouraged to
-  consider how to provide their users with tools to minimize leaking information that could be used
-  to fingerprint a user.</p>
-
-  <p>Unfortunately, as the first paragraph in this section implies, sometimes there is great benefit
-  to be derived from exposing the very information that can also be used for fingerprinting
-  purposes, so it's not as easy as simply blocking all possible leaks. For instance, the ability to
-  log into a site to post under a specific identity requires that the user's requests be
-  identifiable as all being from the same user, more or less by definition. More subtly, though,
-  information such as how wide text is, which is necessary for many effects that involve drawing
-  text onto a canvas (e.g. any effect that involves drawing a border around the text) also leaks
-  information that can be used to group a user's requests. (In this case, by potentially exposing,
-  via a brute force search, which fonts a user has installed, information which can vary
-  considerably from user to user.)</p>
-
-  <p w-nodev>Features in this specification which can be <dfn data-x="fingerprinting vector">used to
-  fingerprint the user</dfn> are marked as this paragraph is.
-  <!--INSERT FINGERPRINT-->
-  </p>
-
-  <p>Other features in the platform can be used for the same purpose, though, including, though not
-  limited to:</p>
-
-  <ul>
-
-   <li>The exact list of which features a user agents supports.</li>
-
-   <li>The maximum allowed stack depth for recursion in script.</li>
-
-   <li>Features that describe the user's environment, like Media Queries and the <code>Screen</code>
-   object. <ref spec=MQ> <ref spec=CSSOMVIEW></li>
-
-   <li>The user's time zone.</li>
-
-  </ul>
-
-
-  <h4 id="fingerprint-postMessage">Cross-site communication</h4>
-
-  <p>The <code data-x="dom-window-postMessage">postMessage()</code> API provides a mechanism by
-  which two sites can communicate directly. At first glance, this might appear to open a new way by
-  which the problems described above can occur. However, in practice, multiple mechanisms exist by
-  which two sites can communicate that predate this API: a site embedding another can send data via
-  an <code>iframe</code> element's dimensions; a site can use a cross-site image request with a
-  unique identifier known to the server to initiate a server-side data exchange; or indeed the
-  fingerprinting techniques described above can be used by two sites to uniquely identify a visitor
-  such that information can then be exchanged on the server side.</p>
-
-  <p>Fundamentally, users that do not trust a site to treat their information with respect have to
-  avoid visiting that site at all.</p>
-
-
-
-
   <h3>A quick introduction to HTML</h3>
 
   <!-- NON-NORMATIVE SECTION -->
@@ -2357,6 +2263,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      <li>The general iteration terms <dfn data-x-href="https://infra.spec.whatwg.org/#iteration-while">while</dfn>,
              <dfn data-x-href="https://infra.spec.whatwg.org/#iteration-continue">continue</dfn>, and
              <dfn data-x-href="https://infra.spec.whatwg.org/#iteration-break">break</dfn>.</li>
+     <li id="fingerprint"><dfn id="fingerprinting-vector" data-x-href="https://infra.spec.whatwg.org/#fingerprinting-vector">fingerprinting vector</dfn>
      <li><dfn data-x-href="https://infra.spec.whatwg.org/#code-point">code point</dfn> and its synonym
          <dfn data-x-href="https://infra.spec.whatwg.org/#code-point">character</dfn></li>
      <li><dfn data-x-href="https://infra.spec.whatwg.org/#surrogate">surrogate</dfn></li>
@@ -95204,6 +95111,22 @@ function receiver(e) {
   </div>
 
 
+  <h4 id="fingerprint-postMessage">Privacy concerns</h4>
+
+  <p>The <code data-x="dom-window-postMessage">postMessage()</code> API provides a mechanism by
+  which two sites can communicate directly. At first glance, this might appear to open a new way by
+  which the problems surrounding <span data-x="fingerprinting vector">fingerprinting vectors</span>
+  can occur. However, in practice, multiple mechanisms exist by which two sites can communicate that
+  predate this API: a site embedding another can send data via an <code>iframe</code> element's
+  dimensions; a site can use a cross-site image request with a unique identifier known to the server
+  to initiate a server-side data exchange; or indeed the fingerprinting techniques can be used by
+  two sites to uniquely identify a visitor such that information can then be exchanged on the server
+  side.</p>
+
+  <p>Fundamentally, users that do not trust a site to treat their information with respect have to
+  avoid visiting that site at all.</p>
+
+
 <!--ADD-TOPIC:Security-->
   <h4 id="security-postmsg">Security</h4>