brave-experiments / standards-positions

Experiment for discussing web standards in GitHub issues
Mozilla Public License 2.0
1 stars 1 forks source link

Reporting API #3

Open pes10k opened 5 years ago

pes10k commented 5 years ago

https://w3c.github.io/reporting/

Reporting API aims to be a generalization of CSP reporting, but for use in other cases (crash reports, network errors, deprecation errors, etc).

I think we should not implement unless its opt in, for two broad reasons:

not user serving This is explicitly designed to help web application developers, an individual user, at the margin, sees no benefit from it (and some harm / privacy risk). Its a favor from the user to the site owner, and should be treated as such (e.g. opt in). https://github.com/w3c/reporting/issues/168

privacy concerns These have a weird lifetime (they live beyond the lifetime of the page), currently have no restriction on who they can be communicated to, they send message as POST so less info for URL based blocking to operate, etc. https://github.com/w3c/reporting/issues/169

My vote is to push for making the above changes to the standard, w/ the current authors, and to revisit a brave position if thats not successful

fmarier commented 5 years ago

That second link should be https://github.com/w3c/reporting/issues/169.