Improve fingerprinting of screen fold changes #46
Labels
privacy-tracker
Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Comments
samuelweiler
added
the
privacy-tracker
|
@darktears Thank you for raising this and #45. I've flagged both for tracking by PING, and I expect PING will upgrade both to -needs-resolution. |
kenchris
added a commit
to kenchris/device-posture
that referenced
this issue
Jun 3, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From blink-dev thread: https://groups.google.com/a/chromium.org/g/blink-dev/c/prHGPxF62i4
"Second, screen fold changes (either via onchange or polling) are an ephemeral fingerprinting vector. Given this API is meant for responsive design, we recommend limiting it to visible browsing contexts. I see section 7.2 does constrain onchange for UX reasons. It should also be listed under “Security and Privacy considerations”. The mitigation should also be applied to other ways to query the property, such as polling. (Perhaps defer all updates to the page’s copy of the state until visible, not just the onchange event, or leave the APIs and CSS queries unavailable to hidden pages altogether.)"
The text was updated successfully, but these errors were encountered: