Privacy considerations of retrieving a payment method manifest

[triblondon]

From TAG review

We noted in our review that retrieving a payment method manifest might reveal information to a payment service about the activity of an end user. For example, a payment method that is only supported on one website might allow that payment provider to discover the IP addresses of users who visit that website.

We're not certain how valid this concern is, nor if there may be other privacy concerns that we haven't thought of, but we would like to see a privacy considerations section included in the specification. This should cover any potentially unexpected/surprising privacy compromising side effects and possible mitigations

[zkoch]

Thanks, we'll add this.

[rsolomakhin]

We have improved upon the situation by downloading the manifests only for the apps that the user has installed. I will add to the spec a recommendation to do this for other user agents as well.