Does your document have an in-line Privacy Considerations section, ideally one separate from the Security Considerations? If not, corrrect that before proceeding further.
Yes.
Please point to the results of your own self-review (see https://w3ctag.github.io/security-questionnaire/ , https://w3c.github.io/fingerprinting-guidance/, https://tools.ietf.org/html/rfc6973)
(1) PII? No
(2) High value data? No
(3) New state that persists across browsing sessions? No
(4) Persistent, cross-origin state? No
(5) Newly expose data to an origin? No
(6) New script exe/loading? No
(7) Access location? No
(8) Access sensors? No
(9) Access local computing environment? No.
(10) Access other devices? No
(11) Control over UA's UI? No
(12) Expose temp IDs? No
(13) 1st party vs. 3rd party contexts? No
(14) What about "incognito"? No changes
(15) Local data persist? No
(16) "Security Considerations" and "Privacy Considerations"? There are
no known security or privacy impacts of this feature beyond
fingerprinting [ fingerprinting-guidance] techniques that already are
available through existing events, such as the keydown and keypress [
UI-EVENTS] events.
(17) Downgrade default security? N
In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.
name of spec to be reviewed: Input Events Level 2
URL of spec: https://www.w3.org/TR/2024/WD-input-events-2-20241018/
What and when is your next expected transition? CR
What has changed since any previous review? Please review the list of normative changes since 2018 at the following link: https://github.com/w3c/input-events/issues/166
Does your document have an in-line Privacy Considerations section, ideally one separate from the Security Considerations? If not, corrrect that before proceeding further. Yes.
Please point to the results of your own self-review (see https://w3ctag.github.io/security-questionnaire/ , https://w3c.github.io/fingerprinting-guidance/, https://tools.ietf.org/html/rfc6973) (1) PII? No (2) High value data? No (3) New state that persists across browsing sessions? No (4) Persistent, cross-origin state? No (5) Newly expose data to an origin? No (6) New script exe/loading? No (7) Access location? No (8) Access sensors? No (9) Access local computing environment? No. (10) Access other devices? No (11) Control over UA's UI? No (12) Expose temp IDs? No (13) 1st party vs. 3rd party contexts? No (14) What about "incognito"? No changes (15) Local data persist? No (16) "Security Considerations" and "Privacy Considerations"? There are no known security or privacy impacts of this feature beyond fingerprinting [ fingerprinting-guidance] techniques that already are available through existing events, such as the keydown and keypress [ UI-EVENTS] events. (17) Downgrade default security? N
Where and how to file issues arising? https://github.com/w3c/input-events/issues/new
Pointer to any explainer for the spec? None.
Other comments: Previous review request: https://lists.w3.org/Archives/Public/public-privacy/2017JanMar/0028.html