
privacy differences between declarative and imperative forms of API #19

dbaron opened this issue Mar 4, 2020 · 3 comments · Closed

Comments

@dbaron

dbaron commented Mar 4, 2020

@hober, @hadleybeeman and I are looking at w3ctag/design-reviews#391 in a breakout at our Wellington face-to-face.

There appears to be a somewhat substantive difference between the privacy characteristics of the declarative version and the imperative API. With the declarative version, the user is proving that they're in possession of the device with that phone number (or closely communicating with the person in possession of it), but with the API version they're proving that the web site access is actually happening on the device with that phone number. While this may not be a huge difference, it does seem like it could be substantive in a number of cases.

We're curious what you think about this difference and whether it influences your opinions on the tradeoffs between the two forms of the API. It also seems like this difference should perhaps be discussed in the explainer and/or the responses to the Security and Privacy Questionnaire.
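To make the two forms under discussion concrete, here is an added example (not code from the issue, the explainer or Chromium) of how a sign-in page would use each one. The declarative form is an `<input autocomplete="one-time-code">`, where the browser offers to fill a code it saw in an SMS and the page never reads the message; the imperative form is the WebOTP call `navigator.credentials.get({ otp: { transport: ['sms'] } })`, which resolves with the code. The `nav` parameter and the `requestOtp`/`imperativeAvailable` helper names are this example's own choices, so the logic can be exercised outside a browser; the assumption is that a site falls back to the declarative input whenever the imperative call is unavailable or fails.

```javascript
// Added example; not part of the issue thread or of any implementation it links to.
// `nav` stands in for window.navigator so the functions can run without a browser.

// Feature-detect the imperative (WebOTP) form: the Credential Management
// entry point must exist. Older browsers expose none of this, and a site
// that assumes it is present will simply throw.
function imperativeAvailable(nav) {
  return Boolean(
    nav && nav.credentials && typeof nav.credentials.get === 'function'
  );
}

// Try the imperative form first; on any failure report that the page should
// rely on the declarative input instead. The returned `form` tells the caller
// which path produced the code, but note (as the thread points out) the site
// must not treat "imperative" as proof that the SMS landed on this device.
async function requestOtp(nav, signal) {
  if (!imperativeAvailable(nav)) {
    return { form: 'declarative', code: null };
  }
  try {
    const cred = await nav.credentials.get({
      otp: { transport: ['sms'] },
      signal,
    });
    // OTPCredential exposes the code as `cred.code`; null means the user
    // dismissed the prompt or nothing arrived before `signal` aborted.
    return { form: 'imperative', code: cred ? cred.code : null };
  } catch (err) {
    return { form: 'declarative', code: null };
  }
}

// Markup for the declarative fallback. A page can always render this; the
// browser decides whether it is able to offer autofill for it.
function declarativeInputMarkup() {
  return '<input type="text" inputmode="numeric" autocomplete="one-time-code" name="otp">';
}

// Minimal wiring for a real page (guarded so the file also loads in Node):
if (typeof document !== 'undefined' && typeof navigator !== 'undefined') {
  const form = document.querySelector('form#otp-form');
  if (form) {
    form.insertAdjacentHTML('beforeend', declarativeInputMarkup());
    const ac = new AbortController();
    form.addEventListener('submit', () => ac.abort());
    requestOtp(navigator, ac.signal).then(({ code }) => {
      if (code) {
        form.querySelector('input[name="otp"]').value = code;
        form.submit();
      }
    });
  }
}
```

Whichever path fills the field, the server receives the same six-digit code and has no way to distinguish the two, which is why the privacy difference raised in this issue lives in the browser's behaviour rather than in anything the site can observe.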

@sso-google

Interesting point, but the imperative API doesn't necessarily mean the SMS arrived on this device (for example, it could be received on another device and synced across devices, as discussed for support on desktop when Chrome has the same user signed in). So I'm not sure if this particular difference is substantive?

@dbaron (Author)

dbaron commented Mar 18, 2020

I suppose implementing that sort of sync (if it's both implemented and reasonably widely used) would mitigate this.

@samuelgoto (Collaborator)

samuelgoto commented Mar 19, 2020

That's a very interesting observation, but like @sso-google said, there isn't any guarantee in the API design that the retrieval is happening on the specific device.

Here is an example of an early implementation in that direction:

https://chromium-review.googlesource.com/c/chromium/src/+/1868049

and more over here if you want to get a sense of how far along we are:

https://chromium-review.googlesource.com/q/owner:goto%2540chromium.org

I suppose implementing that sort of sync (if it's both implemented and reasonably widely used) would mitigate this.

If you are feeling adventurous, you can even try it yourself :)

chrome://flags#sms-receiver-cross-device

Given this, I'm going to resolve. Feel free to re-open if the answer isn't satisfying.
