WICG / proposals

A home for well-formed proposed incubations for the web platform. All proposals welcome.
https://wicg.io/

Privacy Factor for Form Fields #29

Open pshikli opened 3 years ago

pshikli commented 3 years ago

In our line of work, we provide online tech support, often using popular screen sharing software like Google Hangouts, Microsoft Teams, Zoom, and many others. The request can be from a user stuck on a form that includes sensitive information. Consider the use case of a disabled person stuck on an inaccessible ecommerce order form where the user and vendor are both quite interested in the successful placement of an order, perhaps the final form in the process.

Such users often have sensitive information such as a credit card number as a value displayed on the form. Sharing that screen as-is presents a security liability that neither the user nor we as support people wish to accept, even when the problem to address has nothing to do with such private information.

We are open to any solution to this problem, but lacking the W3C braintrust, we have come up with a method to assign and use privacy factors to hide such private field values. The web designer assigns default integer values from 1 (low vulnerability) to 9 (high vulnerability) to each field. A first name may get a 1 for example, but a credit card number or social security number may get a 9. Atop such a form is a Private/Public toggle button. Clicking it temporarily displays asterisks in place of values above a 5 threshold. The display thus becomes suitable for screen sharing.

It is also suitable for users who wish to hide fields from passing eyes, perhaps filling in medical forms.

We have posted a demo of the above at http://privacy.bizwaredev.com with optional features to change the threshold from the default 5 for users who wish more or less security overall. It also allows users to raise the security factor of a particular field if that has a sensitive value in their case, or to reduce it for their circumstance, for example, SS#: None.

There are many ways to achieve the above goal. If the W3C doesn't produce a standard, those many ways will each have their followers. Better would be if all web designers, remote support providers, and screen sharing app developers had a standard on which they could count.
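The masking rule described in the comment above, sketched as an added example that is not part of the original comment or the linked demo. The names `privacyFactor`, `maskForSharing` and `MASK` are hypothetical, and two behaviours are assumptions the proposal does not state: a missing or out-of-range factor is treated as 9, and the mask has a fixed width so the value's length is not shown.

```javascript
// Added illustration. All names here (privacyFactor, maskForSharing, MASK) are
// hypothetical; the proposal defines no attribute or API names.
const DEFAULT_THRESHOLD = 5; // default threshold stated in the proposal
const MASK = "********";     // assumption: fixed width, so length is not revealed

// Factors are integers 1 (low) to 9 (high). Assumption: a missing or
// out-of-range factor fails closed and is treated as 9.
function normalizeFactor(raw) {
  const n = Number(raw);
  return Number.isInteger(n) && n >= 1 && n <= 9 ? n : 9;
}

// A user's per-field override replaces the designer's default factor.
function effectiveFactor(field, overrides) {
  const own = Object.prototype.hasOwnProperty.call(overrides, field.name);
  return normalizeFactor(own ? overrides[field.name] : field.privacyFactor);
}

// Builds the "Private" view: display strings only. The real values stay in
// the form state, so submitting the form is unaffected by the toggle.
function maskForSharing(fields, { threshold = DEFAULT_THRESHOLD, overrides = {} } = {}) {
  return fields.map((field) => {
    const factor = effectiveFactor(field, overrides);
    const masked = factor > threshold; // strictly above the threshold
    return { name: field.name, factor, masked, display: masked ? MASK : field.value };
  });
}

// Constructed sample form state (not real data).
const sampleFields = [
  { name: "firstName", privacyFactor: 1, value: "Ada" },
  { name: "phone", privacyFactor: 5, value: "555-0100" },
  { name: "cardNumber", privacyFactor: 9, value: "4111 1111 1111 1111" },
  { name: "ssn", privacyFactor: 9, value: "None" },
  { name: "notes", value: "no factor assigned by the designer" },
];

// Default view, then a user who lowers "ssn" because their value is "None".
console.log(maskForSharing(sampleFields));
console.log(maskForSharing(sampleFields, { overrides: { ssn: 1 } }));
```

A field with factor 5 stays visible at the default threshold because only values above the threshold are masked.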

yoavweiss commented 6 months ago

Hey! The chairs noticed that this hasn't seen any recent activity and it doesn't seem like this got any implementation traction. For this kind of a proposal to move forward, it'd be good to get broader community support and implementation champions on board.

Adding a "looking for interest" label.