Rewrite privacy considerations on fingerprinting in start_url #1114

mgiuca · 2024-03-07T05:49:30Z

This change (choose at least one, delete ones that don't apply):

Adds new normative recommendations or optional items

(No implementation commitment required as it adds a MAY requirement.)

Commit message:

Rewrite privacy considerations on fingerprinting in start_url.

There is a "MUST NOT" requirement for developers about putting user data
in the start_url. This is not enforceable, so rewriting the paragraph:

1. Removed this requirement for developers.
2. Added a non-normative note that tells developers it would be
   irresponsible to do this (but acknowledging that we can't practically
   prevent it).
3. Added a MAY requirement for user agents to offer to uninstall apps
   associated with an origin when clearing site data.

Preview | Diff

mgiuca · 2024-03-07T05:50:23Z

@marcoscaceres the change is a bit hard to read because it's based off of #1112 which runs tidy and other changes. The relevant changed section is around line 810.

index.html

marcoscaceres · 2024-05-01T06:13:23Z

index.html

-          developer would prefer the user agent load when the user launches the
-          web application (e.g., when the user clicks on the icon of the web
-          application from a device's application menu or homescreen).
+          represents the <dfn data-export="">start URL</dfn> , which is


I'm still a bit worried about exporting "start URL" without an associated thing... could it be:

Suggested change

represents the <dfn data-export="">start URL</dfn> , which is

represents the <dfn class"export" data-dfn-for="installed web application">start URL</dfn> , which is

And yes, we still need a formal definition of a "web application".....

Actually, seems we have defined "installed web application" 🎉

This is commenting on a PR that was already submitted (#1112). (It just got caught up in this PR's delta because it wasn't submitted at the time I uploaded this.) I've rebased now, which should make things clearer.

You may be right, but I would like you to put this up as a separate PR if you don't mind. It's a bit complex as I've now got text in manifest-incubations which links to this and will have to be updated when you make this change.

marcoscaceres

Sorry for the delay... some suggestions.

There is a "MUST NOT" requirement for developers about putting user data in the start_url. This is not enforceable, so rewriting the paragraph: 1. Removed this requirement for developers. 2. Added a non-normative note that tells developers it would be irresponsible to do this (but acknowledging that we can't practically prevent it). 3. Added a MAY requirement for user agents to offer to uninstall apps associated with an origin when clearing site data.

Co-authored-by: Marcos Cáceres <marcos@marcosc.com>

mgiuca · 2024-05-01T06:25:57Z

Thanks for the review. I've rebased so it's now current against HEAD.

I accepted most of your suggestions, just pushing back against the new sentence about UAs messing with start URLs.

marcoscaceres · 2024-05-02T22:14:20Z

Thanks @mgiuca. I agree that until such times that user agents strip things out (if ever) then there is probably no need to mention it. Just as an example, I think mail.app does strip out known identifiers... so there is some precedent.

SHA: 2a8fc0a Reason: push, by marcoscaceres Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

SHA: 2a8fc0a Reason: push, by dmurph Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

mgiuca requested a review from marcoscaceres March 7, 2024 05:49