Closed diekus closed 10 months ago
that seems fine, however I would change `url` to `manifest_id`.
The issue here is a 'store' would be able to uniquely fingerprint a user by querying for a bunch of permissive apps; I don't think rate limiting is an adequate protection against it either.
'store' really could be any website on the web and we then have a cross site signal that can't easily be cleared by the user (nor would be obvious it's a tracking vector).
I think there are three use-cases here:
An open question is to reverse this default during dev/origin trial to experiment what is the best course of action while the feature gets traction among developers.
I think this line should be removed, you'd be allowing all websites to query all installed apps even outside of cases where they're colluding to track users.
If the browser has an active 'Do Not Track' setting, the inquire field is ignored and installation origins will not be allowed to know if that application is installed.
I think this probably could be broadened to suggest the UA can decide when to honour (eg: DNT, GPC, private browsing mode or privacy opinionated browsers)
@jonathanKingston the shape of the API removes the `isInstalled` method. The new proposal has a `getRelatedApps` that returns apps installed from the installation domain. This is not persistent over cache clearing and behaves similar to the partitioning history proposal for visited links.
If there is an `inquire` field in the manifest file's `install_sources`, there should be a method that allows an origin to query this information. Would a `navigator.isInstalled(url)` method be a good way of querying this, ONLY if the origin is allowed to do so as stated in the PWA's manifest file?
https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/WebInstall/explainer.md#privacy-and-security-considerations
cc @amandabaker @HowardWolosky @dmurph