You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Permanent Identifiers MUST NOT be exposed to the application or origin.
This statement includes all permanent identifiers, including values that are shared by, for example, all users of a specific device model [2] or platform. This is not the intent and would likely prohibit any implementation that does not use Distinctive Identifiers.
Looking at the the commit that added this text, it appears this statement was intended to address the exception for Permanent Identifiers being per-origin in the normative text. However, I believe this should have been Distinctive Permanent Identifiers.
The lack of requirements around non-distinctive Permanent Identifiers, that is Permanent Identifiers that are not Distinctive Permanent Identifiers, would seem to indicate there are not significant concerns about these, and, as mentioned above, they are essentially required for implementations that avoid using user-specific Distinctive Identifiers.
[1] This is just used as a possible example. The spec does not say whether such a model key is distinctive. The spec says, "A Distinctive Permanent Identifier is a Permanent Identifier that is not shared across a large population of users or client devices," but "large population" is not defined. This bug and example use here does not change that.
The text was updated successfully, but these errors were encountered:
The NOTE in Use Per-Origin Per-Profile Identifiers currently [1] says:
This statement includes all permanent identifiers, including values that are shared by, for example, all users of a specific device model [2] or platform. This is not the intent and would likely prohibit any implementation that does not use Distinctive Identifiers.
Looking at the the commit that added this text, it appears this statement was intended to address the exception for Permanent Identifiers being per-origin in the normative text. However, I believe this should have been Distinctive Permanent Identifiers.
The lack of requirements around non-distinctive Permanent Identifiers, that is Permanent Identifiers that are not Distinctive Permanent Identifiers, would seem to indicate there are not significant concerns about these, and, as mentioned above, they are essentially required for implementations that avoid using user-specific Distinctive Identifiers.
[1] This is just used as a possible example. The spec does not say whether such a model key is distinctive. The spec says, "A Distinctive Permanent Identifier is a Permanent Identifier that is not shared across a large population of users or client devices," but "large population" is not defined. This bug and example use here does not change that.
The text was updated successfully, but these errors were encountered: