Open CanadaHonk opened 1 year ago
Adding general privacy concern about exposing prefers-* things. We need a general position on all prefers-*, as they serve as a fingerprinting vector.
Fwiw, I wrote the patch implementing it to Gecko and it was agreed to disable by default for now due to fingerprinting concerns also.
There's a PR for this at https://github.com/WebKit/WebKit/pull/11560
Any further thoughts on this specific media query?
Fwiw, I wrote the patch implementing it to Gecko and it was agreed to disable by default for now due to fingerprinting concerns also.
To add to this, I'm also currently implementing this in Chrome. It's behind the experimental flag atm.
https://github.com/mozilla/standards-positions/issues/851 I've filed a separate Mozilla position issue specifically related to this media query.
Fwiw this is shipping in Chrome 118.
@lukewarlow wrote in https://github.com/w3ctag/design-reviews/issues/881:
Organization(s)/project(s) driving the specification:
- @cookiecrook by implementing https://github.com/w3c/csswg-drafts/pull/1709
and
Major unresolved issues with or opposition to this specification: adds a fingerprinting vector
Additional context on why this isn't implemented in WebKit yet found in CSS #8651 (quoting):
Note on Fingerprinting
[Several proposed media features, including this one] are subject to changes based on the outcome of https://github.com/WebKit/standards-positions/issues/145 and other related privacy issues. We debated not proposing https://github.com/w3c/csswg-drafts/issues/8651 until after privacy issues with @media/matchMedia() had been resolved, but decided to propose it here anyway to further the discussion.
To unblock things, would it help if Safari (and possible other UAs) added a preference “Allow websites to cater their UI to my personal preferences and settings” and have that turned off by default? When turned off, all prefers-* MQs would report the default value. An exception to this could be the prefers-color-scheme one (and maybe others as well?).
That way, the APIs can be supported while users (by default) remain protected.
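The gate proposed in the comment above, modelled as an added example (not part of the thread and not any browser's code): it shows what a site could observe with the preference on versus off. The names `reportedPreferences`, `distinctStates` and `EXEMPT`, the default values chosen, and the sample population are assumptions constructed for illustration.

```javascript
// Added illustration: a model of the proposed user-agent gate, not engine code.
// Assumed "no preference expressed" value for each prefers-* media feature.
const DEFAULTS = {
  'prefers-color-scheme': 'light',
  'prefers-reduced-motion': 'no-preference',
  'prefers-reduced-transparency': 'no-preference',
  'prefers-contrast': 'no-preference',
};

// Features the proposal would keep exposing even when the preference is off.
const EXEMPT = new Set(['prefers-color-scheme']);

// What a page would see for one user, given their real settings and the gate.
function reportedPreferences(actual, allowCatering) {
  const reported = {};
  for (const [feature, fallback] of Object.entries(DEFAULTS)) {
    const real = actual[feature] ?? fallback;
    reported[feature] = (allowCatering || EXEMPT.has(feature)) ? real : fallback;
  }
  return reported;
}

// Number of distinguishable preference combinations across a population.
function distinctStates(population, allowCatering) {
  const seen = new Set();
  for (const user of population) {
    seen.add(JSON.stringify(reportedPreferences(user, allowCatering)));
  }
  return seen.size;
}

// Constructed sample users (not measured data).
const POPULATION = [
  {},
  { 'prefers-color-scheme': 'dark' },
  { 'prefers-reduced-motion': 'reduce' },
  { 'prefers-color-scheme': 'dark', 'prefers-reduced-transparency': 'reduce' },
  { 'prefers-reduced-motion': 'reduce', 'prefers-contrast': 'more' },
  { 'prefers-reduced-transparency': 'reduce' },
];

console.log('gate on (opted in):', distinctStates(POPULATION, true));
console.log('gate off (default):', distinctStates(POPULATION, false));
```

With the gate off, only the exempted prefers-color-scheme value still separates these sample users.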
Fwiw Gecko's prefers-reduced-transparency and inverted-colors continue to be off by default due to fingerprinting/privacy concerns.
@bramus I've raised a similar idea on the interop issue for this. Making some (I agree at least color scheme should be on by default) disabled by default makes it a very deliberate opt in for these new media queries to actually expose your preferences? Begs the question whether a UI can allow for meaningful consent but it doesn't need to be overly visible provided the people who need it can find it.
Fwiw I made an interop 2024 proposal for this MQ and then decided it would probably be better to raise an investigation effort into resolving these privacy concerns. See https://github.com/web-platform-tests/interop/issues/515; might be best to discuss further in there?
@bramus wrote:
would it help if Safari (and possible other UAs) added a preference “Allow websites to cater their UI to my personal preferences and settings” and have that turned off by default? When turned off, all prefers-* MQs would report the default value. An exception to this could be the prefers-color-scheme one (and maybe others as well?).
We (Apple WebKit contributors specifically and the CSS Working Group more generally) have discussed various accessibility-related user prompts over the years. The main argument against your proposal I remember is that the vast majority of users will not understand that “Allow websites to cater their UI to my personal settings” also means “Allow websites to track me more easily.”
Request for position on an emerging web specification
Information about the specification
prefers-reduced-transparency
Design reviews and vendor positions
Bugs tracking this feature
Anything else we need to know
Whilst this is part of Media Queries Level 5, it is unclear whether this is generally accepted by vendors due to a potential fingerprinting risk. Would be good to have an opinion from WebKit if possible. Thanks!