Although privacy is of course the more relevant question, security considerations should also be addressed in any specification, even if only to say there are none.
The main difference would be to think in terms of attackers and defenders, instead of colluding parties. E.g. is there a way a subframe could get info on the top-level site, using the topics API? Or vice versa? Things like that.
Although privacy is of course the more relevant question, security considerations should also be addressed in any specification, even if only to say there are none.
The main difference would be to think in terms of attackers and defenders, instead of colluding parties. E.g. is there a way a subframe could get info on the top-level site, using the topics API? Or vice versa? Things like that.