Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Screen labels seem especially privacy risking and identifying #121

Open
pes10k opened this issue Dec 2, 2022 · 0 comments
Open

Screen labels seem especially privacy risking and identifying #121

pes10k opened this issue Dec 2, 2022 · 0 comments
Labels
privacy-needs-resolution Issue the Privacy Group has raised and looks for a response on.

Comments

@pes10k
Copy link

pes10k commented Dec 2, 2022

This issue is being filed as part of the requested PING privacy review #106

The spec currently reveals monitor labels to sites through getScreenDetails. As the spec notes, this has a very high privacy risk for reidentifying people. I think thats true in the case the spec identifies (i.e., a serial number in the device label), but I think its probably true even if there are no serial numbers included (the number of people who are using any two specific kinds of different monitors is going to be very small as a % of web users, and i bet you're close to a unique identifier if someone is using three or more monitors).

The spec should either specifically descibe how implementors should "sanitize" device labels so that they are not privacy harming, or otherwise address the high risk of re-identification here
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
privacy-needs-resolution Issue the Privacy Group has raised and looks for a response on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pes10k