Commit

deploy: 87ca58b
jyasskin committed Sep 5, 2024
1 parent ec10386 commit cdb0bcc
Showing 1 changed file with 44 additions and 12 deletions.
56 changes: 44 additions & 12 deletions index.html
Expand Up @@ -5,9 +5,9 @@
<title>Self-Review Questionnaire: Security and Privacy</title>
<meta content="ED" name="w3c-status">
<link href="https://www.w3.org/StyleSheets/TR/2021/W3C-ED" rel="stylesheet">
<meta content="Bikeshed version a1dabb26c, updated Mon Jun 17 15:00:44 2024 -0700" name="generator">
<meta content="Bikeshed version 6270e4735, updated Tue Aug 6 12:12:30 2024 -0700" name="generator">
<link href="https://www.w3.org/TR/security-privacy-questionnaire/" rel="canonical">
<meta content="049513e69d7e4d95e7817d17c8f7836323f3fd2a" name="revision">
<meta content="87ca58b1cfd0e1d436a12bb1672b5cec97b75fef" name="revision">
<meta content="dark light" name="color-scheme">
<link href="https://www.w3.org/StyleSheets/TR/2021/dark.css" media="(prefers-color-scheme: dark)" rel="stylesheet" type="text/css">
<style>/* Boilerplate: style-autolinks */
Expand Down Expand Up @@ -569,7 +569,7 @@
<div class="head">
<p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
<h1 class="p-name no-ref" id="title">Self-Review Questionnaire: Security and Privacy</h1>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2024-07-17">17 July 2024</time></p>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2024-09-05">5 September 2024</time></p>
<details open>
<summary>More details about this document</summary>
<div data-fill-with="spec-metadata">
Expand Down Expand Up @@ -670,9 +670,10 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
<li><a href="#bfcache"><span class="secno">2.18</span> <span class="content"> What happens when a document that uses your feature is kept alive in BFCache
(instead of getting destroyed) after navigation, and potentially gets reused
on future navigations back to the document? </span></a>
<li><a href="#non-fully-active"><span class="secno">2.19</span> <span class="content"> What happens when a document that uses your feature gets disconnected? </span></a>
<li><a href="#accessibility-devices"><span class="secno">2.20</span> <span class="content"> Does your feature allow sites to learn about the users use of assistive technology? </span></a>
<li><a href="#missing-questions"><span class="secno">2.21</span> <span class="content"> What should this questionnaire have asked? </span></a>
<li><a href="#error-handling"><span class="secno">2.19</span> <span class="content"> Does your spec define when and how new kinds of errors should be raised? </span></a>
<li><a href="#non-fully-active"><span class="secno">2.20</span> <span class="content"> What happens when a document that uses your feature gets disconnected? </span></a>
<li><a href="#accessibility-devices"><span class="secno">2.21</span> <span class="content"> Does your feature allow sites to learn about the users use of assistive technology? </span></a>
<li><a href="#missing-questions"><span class="secno">2.22</span> <span class="content"> What should this questionnaire have asked? </span></a>
</ol>
<li>
<a href="#threats"><span class="secno">3</span> <span class="content">Threat Models</span></a>
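Review bot: The new `#error-handling` entry is inserted at 2.19, between `#bfcache` (2.18) and `#non-fully-active`, which were adjacent and are related (the disconnected-document section refers back to the BFCache guidelines "mentioned above"). Consider placing the new question after `#non-fully-active` so the two stay together; anyone citing these questions by number rather than by anchor will also need to know that 2.19 through 2.21 have shifted to 2.20 through 2.22.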
Expand Down Expand Up @@ -1236,6 +1237,8 @@ <h3 class="question heading settled" data-level="2.15" id="private-browsing"><sp
<p>Using features to fingerprint a browser and correlate private and
non-private mode sessions for a given user. <a data-link-type="biblio" href="#biblio-olejnik-payments" title="Privacy of Web Request API">[OLEJNIK-PAYMENTS]</a></p>
</ul>
<p>Spec authors should avoid, as much as possible, making the presence of
private browsing mode detectable to sites. <a href="https://w3ctag.github.io/design-principles/#do-not-expose-use-of-private-browsing-mode">Web Platform Design Principles § do-not-expose-use-of-private-browsing-mode</a></p>
<h3 class="question heading settled" data-level="2.16" id="considerations"><span class="secno">2.16. </span><span class="content"> Does this specification have both "Security Considerations" and "Privacy
Considerations" sections? </span><a class="self-link" href="#considerations"></a></h3>
<p>Specifications should have both "Security Considerations" and "Privacy
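Review bot: The citation in the added paragraph renders its link text as a raw fragment id, "Web Platform Design Principles § do-not-expose-use-of-private-browsing-mode", and sits as a plain `<a href>` after the sentence's full stop, unlike the `[OLEJNIK-PAYMENTS]` biblio link in the list item just above. Suggest citing the section by its title (or through the existing [DESIGN-PRINCIPLES] reference) and working it into the sentence, so the reader can tell that the Design Principles are the source of the "avoid making private browsing mode detectable" advice.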
Expand Down Expand Up @@ -1326,7 +1329,36 @@ <h3 class="question heading settled" data-level="2.18" id="bfcache"><span class=
This means after a user triggers activation once on a document,
the document will have sticky activation forever,
even after the user navigated away and back to it again. </div>
<h3 class="question heading settled" data-level="2.19" id="non-fully-active"><span class="secno">2.19. </span><span class="content"> What happens when a document that uses your feature gets disconnected? </span><a class="self-link" href="#non-fully-active"></a></h3>
<h3 class="heading settled" data-level="2.19" id="error-handling"><span class="secno">2.19. </span><span class="content"> Does your spec define when and how new kinds of errors should be raised? </span><a class="self-link" href="#error-handling"></a></h3>
<p>Error handling,
and what conditions constitute error states,
can be the source of unintended information leaks and privacy vulnerabilities.
Triggering an error,
what information is included with (or learnable by) the error,
and which parties in an application can learn about the error can all
effect (or weaken) user privacy.
Proposal authors should carefully think
through each of these dimensions to ensure that user privacy and security are
not harmed through error handling.</p>
<p>A partial list of how error definitions and error handling can put
users at risk include:</p>
<ul>
<li data-md>
<p>If your spec defines an error state based whether certain system resources
are available,
applications can use that error state as a probe to learn
about the availability of those system resources.
This can harm user privacy
when user agents do not intend for applications to learn about those system
resources.</p>
<li data-md>
<p>Specs often include information with error objects that are intended to help
authors identify and debug issues in applications.
Spec authors should
carefully think through what information such debugging information exposes,
and whether (and which) actors on a page are able to access that information.</p>
</ul>
<h3 class="question heading settled" data-level="2.20" id="non-fully-active"><span class="secno">2.20. </span><span class="content"> What happens when a document that uses your feature gets disconnected? </span><a class="self-link" href="#non-fully-active"></a></h3>
If the iframe element containing a document gets disconnected,
the document will no longer be <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active" id="ref-for-fully-active⑥">fully active</a>.
The document will never become fully active again,
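Review bot: The new 2.19 heading is emitted as `<h3 class="heading settled" data-level="2.19" id="error-handling">`, without the `question` class that the neighbouring 2.18 and 2.20 headings carry (`class="question heading settled"`); if this is meant to be one of the questionnaire's questions, mark it the same way in the Bikeshed source so any styling or tooling keyed on `.question` picks it up. In the added prose, "can all effect (or weaken) user privacy" should read "affect", "based whether certain system resources" is missing "on", and "A partial list ... include:" should be "includes:". The two bullets would also be easier to act on with a concrete mitigation each, for example which parties should be able to observe the error and what detail the error object should omit.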
Expand All @@ -1336,7 +1368,7 @@ <h3 class="question heading settled" data-level="2.19" id="non-fully-active"><sp
You may follow the guidelines for <a href="bfcache">BFCache</a> mentioned above,
as we expect BFCached and detached documents to be treated the same way,
with the only difference being that BFCached documents can become <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active" id="ref-for-fully-active⑦">fully active</a> again.
<h3 class="question heading settled" data-level="2.20" id="accessibility-devices"><span class="secno">2.20. </span><span class="content"> Does your feature allow sites to learn about the users use of assistive technology? </span><a class="self-link" href="#accessibility-devices"></a></h3>
<h3 class="question heading settled" data-level="2.21" id="accessibility-devices"><span class="secno">2.21. </span><span class="content"> Does your feature allow sites to learn about the users use of assistive technology? </span><a class="self-link" href="#accessibility-devices"></a></h3>
The Web is designed to work for everyone, and Web standards should be designed
for people using assistive technology (<abbr title="assistive technology">AT</abbr>) just as much as for users relying
on mice, keyboards, and touch screens. Accessibility and universal access
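Review bot: In the context line just above the renumbered 2.21 heading, `<a href="bfcache">BFCache</a>` lacks the leading `#`, so it resolves as a relative URL rather than to the `#bfcache` section that the table of contents links to; worth fixing in the source while these sections are being touched. The renumbered heading itself still reads "the users use of assistive technology", which should be "the user's use".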
Expand Down Expand Up @@ -1367,7 +1399,7 @@ <h3 class="question heading settled" data-level="2.20" id="accessibility-devices
content the user was interacting with, and so whether assistive technology
was being used.</p>
<p></p>
<h3 class="question heading settled" data-level="2.21" id="missing-questions"><span class="secno">2.21. </span><span class="content"> What should this questionnaire have asked? </span><a class="self-link" href="#missing-questions"></a></h3>
<h3 class="question heading settled" data-level="2.22" id="missing-questions"><span class="secno">2.22. </span><span class="content"> What should this questionnaire have asked? </span><a class="self-link" href="#missing-questions"></a></h3>
<p>This questionnaire is not exhaustive.
After completing a privacy review,
it may be that
Expand Down Expand Up @@ -1867,7 +1899,7 @@ <h2 class="no-num no-ref heading settled" id="references"><span class="content">
<h3 class="no-num no-ref heading settled" id="normative"><span class="content">Normative References</span><a class="self-link" href="#normative"></a></h3>
<dl>
<dt id="biblio-design-principles">[DESIGN-PRINCIPLES]
<dd>Sangwhan Moon; Lea Verou. <a href="https://w3ctag.github.io/design-principles/"><cite>Web Platform Design Principles</cite></a>. URL: <a href="https://w3ctag.github.io/design-principles/">https://w3ctag.github.io/design-principles/</a>
<dd>Lea Verou. <a href="https://w3ctag.github.io/design-principles/"><cite>Web Platform Design Principles</cite></a>. URL: <a href="https://w3ctag.github.io/design-principles/">https://w3ctag.github.io/design-principles/</a>
<dt id="biblio-html">[HTML]
<dd>Anne van Kesteren; et al. <a href="https://html.spec.whatwg.org/multipage/"><cite>HTML Standard</cite></a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
<dt id="biblio-indexeddb-3">[IndexedDB-3]
Expand Down Expand Up @@ -1898,7 +1930,7 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
<dt id="biblio-doty-geolocation">[DOTY-GEOLOCATION]
<dd>Nick Doty, Deirdre K. Mulligan, Erik Wilde. <a href="https://escholarship.org/uc/item/0rp834wf"><cite>Privacy Issues of the W3C Geolocation API</cite></a>. URL: <a href="https://escholarship.org/uc/item/0rp834wf">https://escholarship.org/uc/item/0rp834wf</a>
<dt id="biblio-encrypted-media">[ENCRYPTED-MEDIA]
<dd>David Dorwin; et al. <a href="https://w3c.github.io/encrypted-media/"><cite>Encrypted Media Extensions</cite></a>. URL: <a href="https://w3c.github.io/encrypted-media/">https://w3c.github.io/encrypted-media/</a>
<dd>Joey Parrish; Greg Freedman. <a href="https://w3c.github.io/encrypted-media/"><cite>Encrypted Media Extensions</cite></a>. URL: <a href="https://w3c.github.io/encrypted-media/">https://w3c.github.io/encrypted-media/</a>
<dt id="biblio-fingerprinting-guidance">[FINGERPRINTING-GUIDANCE]
<dd>Nick Doty. <a href="https://w3c.github.io/fingerprinting-guidance/"><cite>Mitigating Browser Fingerprinting in Web Specifications</cite></a>. URL: <a href="https://w3c.github.io/fingerprinting-guidance/">https://w3c.github.io/fingerprinting-guidance/</a>
<dt id="biblio-fullscreen">[FULLSCREEN]
Expand Down Expand Up @@ -2154,7 +2186,7 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
let dfnPanelData = {
"05d1562e": {"dfnID":"05d1562e","dfnText":"third-party context","external":true,"refSections":[{"refs":[{"id":"ref-for-third-party-context"}],"title":"2.6. \n Do the features in your specification introduce state\n that persists across browsing sessions?\n"}],"url":"https://privacycg.github.io/storage-access/#third-party-context"},
"0e0909b7": {"dfnID":"0e0909b7","dfnText":"form-action","external":true,"refSections":[{"refs":[{"id":"ref-for-form-action"}],"title":"2.4. \n How do the features in your specification deal with sensitive information?\n"}],"url":"https://w3c.github.io/webappsec-csp/#form-action"},
"0e3ba9f8": {"dfnID":"0e3ba9f8","dfnText":"fully active","external":true,"refSections":[{"refs":[{"id":"ref-for-fully-active"},{"id":"ref-for-fully-active\u2460"},{"id":"ref-for-fully-active\u2461"},{"id":"ref-for-fully-active\u2462"},{"id":"ref-for-fully-active\u2463"},{"id":"ref-for-fully-active\u2464"}],"title":"2.18. \n What happens when a document that uses your feature is kept alive in BFCache\n (instead of getting destroyed) after navigation, and potentially gets reused\n on future navigations back to the document?\n"},{"refs":[{"id":"ref-for-fully-active\u2465"},{"id":"ref-for-fully-active\u2466"}],"title":"2.19. \n What happens when a document that uses your feature gets disconnected?\n"}],"url":"https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active"},
"0e3ba9f8": {"dfnID":"0e3ba9f8","dfnText":"fully active","external":true,"refSections":[{"refs":[{"id":"ref-for-fully-active"},{"id":"ref-for-fully-active\u2460"},{"id":"ref-for-fully-active\u2461"},{"id":"ref-for-fully-active\u2462"},{"id":"ref-for-fully-active\u2463"},{"id":"ref-for-fully-active\u2464"}],"title":"2.18. \n What happens when a document that uses your feature is kept alive in BFCache\n (instead of getting destroyed) after navigation, and potentially gets reused\n on future navigations back to the document?\n"},{"refs":[{"id":"ref-for-fully-active\u2465"},{"id":"ref-for-fully-active\u2466"}],"title":"2.20. \n What happens when a document that uses your feature gets disconnected?\n"}],"url":"https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active"},
"3a2db83f": {"dfnID":"3a2db83f","dfnText":"localStorage","external":true,"refSections":[{"refs":[{"id":"ref-for-dom-localstorage"}],"title":"2.6. \n Do the features in your specification introduce state\n that persists across browsing sessions?\n"}],"url":"https://html.spec.whatwg.org/multipage/webstorage.html#dom-localstorage"},
"4780b3e9": {"dfnID":"4780b3e9","dfnText":"first-party-site context","external":true,"refSections":[{"refs":[{"id":"ref-for-first-party-site-context"}],"title":"2.6. \n Do the features in your specification introduce state\n that persists across browsing sessions?\n"}],"url":"https://privacycg.github.io/storage-access/#first-party-site-context"},
"61cd38cd": {"dfnID":"61cd38cd","dfnText":"FormData","external":true,"refSections":[{"refs":[{"id":"ref-for-formdata"}],"title":"2.4. \n How do the features in your specification deal with sensitive information?\n"}],"url":"https://xhr.spec.whatwg.org/#formdata"},