
add early draft of explainer for TAG, including security and privacy questionnaire #1521

Closed
wants to merge 6 commits into from

Conversation

dauwhe (Contributor) commented Feb 24, 2021

This is just the very beginning of a long process... I started trying to answer the questions in the security and privacy questionnaire.



epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md
This makes it hard to think about security issues. In order to read EPUB files, I generally have to give personally-identifying information like a credit card number to the ebook retailer. They have likely substantially altered the original EPUB, for example by applying digital rights management to the constituent files. Most of the security implications around EPUB depend on the architectural details and the business model of the reading system.

It's hard to even reason about how HTML's security issues affect EPUB. If I read an EPUB on the Google Play app on an Android tablet, what risks am I exposed to? Can any of those risks be mitigated by the design of the EPUB specification?

Member:

Again, let us avoid statements that may turn back on us. I would certainly 'soften' the first sentence, but I wonder whether this whole paragraph could be dropped.

We should also make it clearer (and more upbeat) that the security/privacy implications of handling individual content files (HTML, SVG) are based on the security/privacy features of those formats. We should emphasize that the EPUB specification in no way softens/weakens those requirements, that we give a clear requirement on what the origins are, etc.

epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md

### 8. What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.

??
Member:

The answer is: none :-)

epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md
### 10. Does this specification allow an origin to access other devices?

EPUB reading systems often implement syncing behaviour across multiple devices with the same user account. This is not required or mentioned by the spec.

Member:

Isn't again the point that we define what our origin is, which has consequences for such questions (and whose answer does not depend on this spec)?

epub33/explainers/EPUB33-explainer.md (resolved review comment)
epub33/explainers/EPUB33-explainer.md

### 12. What temporary identifiers might this specification create or expose to the web?

I am not aware of any.
Member:

The answer is: 'none' :-)

Contributor Author (dauwhe):

Fair enough. My concern was with temporary identifiers created by reading systems—just look at a typical URL for a web-based EPUB reading system. But that is not part of the spec.

iherman (Member) commented Mar 19, 2021

The issue was discussed in a meeting on 2021-03-18

  • no resolutions were taken

Transcript:

4. TAG Explainer

See github pull request #1521.

Dave Cramer: I haven't really worked on this in a while, but there are a bunch of edits still to be made based on Ivan's comments
… if anybody else here has anything to add, that would be okay
… otherwise, let's just defer this?

Wendy Reid: this PR is for an explainer that we submit to TAG alongside spec

Dave Cramer: it's mostly about security and privacy issues
… after I make the edits for Ivan's comments, we're going to need input from everyone

Brady Duga: yes, I can take a look

dauwhe (Contributor Author) commented Apr 29, 2021

I'm closing this and opening another, due to various problems with my fork.
