Comments (5)
annevk
commented on August 14, 2024
2
Correcting the HTTP field is still an open issue: #6.
The member of Navigator should always be present as conditionally hiding interface members is rather unprecedented and there's no good reason to do so.
As with the header we should just give guidance that websites only pay attention to the true state.
(And yes, we wouldn't transmit the header in its false state, but that's just because it's a different mechanism and we want to be efficient on the wire.)
from gpc-spec.
martinthomson
commented on August 14, 2024
From an implementation perspective, having support for a feature means that the associated interfaces and items are present.
The difference with HTTP is that boolean fields that are not present are simply assumed to be false (I know you aren't using modern definitions for fields -- naughty -- but that is the best way to model Sec-GPC).
I guess the real question is whether we should invest in making the attribute hidden when GPC has not been enabled. That is irregular, but I believe it is technically feasible. Is there a good reason not to expose a value of false?
from gpc-spec.
AramZS
commented on August 14, 2024
In the meeting of PrivacyCG for Jan 11 2024 we have concluded that the specification should note that the navigator property should always be present, regardless of value. This is standard practice and the fingerprinting risk at the browser level is already going to be there because it will be known from the major browser version number. Documents will be updated to make this clear
from gpc-spec.
npdoty
commented on August 14, 2024
Browser extension providers might possibly make a different choice (because their presence on a browser that doesn't support GPC could then be detected, and that could be an unnecessary and meaningful addition to fingerprinting surface), but could also reasonably conclude that not including the header at all when the user hasn't turned it on is compatible with feature-detection requirement in the spec: the user may not know about the feature at all and that effectively the feature isn't present for this user.
We could note somewhere in the spec that the navigator property definitely shouldn't be used to indicate that a user turned the setting off after turning it on at some point in the past. That is not what GPC means and not what this property should be used for. Probably no implementer would do that anyway and so a warning may be unnecessary; up to the editors.
from gpc-spec.
AramZS
commented on August 14, 2024
I think that #61's changes the explainer to make this clearer and makes the answer clear.
from gpc-spec.
Related Issues (20)
- Update gpc-spec links
- Ensure consistency between HTTP and JavaScript HOT 6
- Make the architecture support other privacy laws HOT 10
- Give UAs more help in establishing user intent HOT 7
- Legal Effects section may fall out of date HOT 5
- Set up explainer document in this repo with more detail for implementers HOT 6
- Are implementers expected to always have the header active or not? HOT 3
- Create consumer-facing GPC instructions HOT 1
- Mixed documentation on navigator.globalPrivacyControl returning 1 or true HOT 5
- Clarify when a Global Privacy Control preference needs to be conveyed
- Add direct identification for each jurisdiction HOT 1
- GPC spec status HOT 4
- Move laws to Explainer HOT 2
- ยง5 should end after the sentence "For additional details on legal effects, consult the explainer." HOT 2
- Respec
- I'll merge this. If any devs think we should change the glob pattern instead we can change the behavior in a secondary PR. HOT 1
- F
- Evaluation
- Notion
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gpc-spec.