imageURL privacy #139
Comments
|
In the original proposal, this URL needed to be converted to a data url before being sent to the authenticator. |
|
I did not find a discussion here in the issues list. Was this discussed and consciously removed? |
equalsJeffH
added
the
privacy-tracker
|
[TPAC 2016] Options: Restrict to same-origin as the credential; Specify the time of load so it won't correlate to user action; Limit to data-urls ... |
|
What if we just remove the icon altogether? Save some space on the authenticator. The selection UI will be okay -- there is still a username. We'll gain privacy and lose complexity... |
|
Please remind me, why isn't icon part of PublicKeyCredentialUserEntity? I think it is valuable to have icon images e.g. if the authenticator is implemented on a smart watch or smart phone. My opinion: |
|
@AxelNennker icon is part of PublicKeyCredentialUserEntity. This object inherits from the PublicKeyCredentialEntity. |
|
@leshi From what I read, the account chooser UI is better because it incorporates the image. @selfissued and other identity folks can comment more on the UI. I am not sure if we are actually gaining privacy. At the end of the day, image is just another piece of data. The RP already supplies the name of the user, which can be used to identify the user. Comparatively image is probably more difficult to be use for privacy attacks. In the meantime, adding icon adds a lot of UX improvement (from what I heard). |
Should the spec mention that retrieving the image from a site leaks information to that site?
Should the platform show the image only after user consent is given that a credential should be created if the imageURL is not a data URL?
Should the spec recommend that the image should be retrieved once and the image data be stored by the platform? What if the user updates the image at the RP?
Should the imageURL be constrained to secure-contexts?
The text was updated successfully, but these errors were encountered: