w3cping / privacy-request

tracking privacy reviews of W3C specifications

DOM Review Draft — Published 21 June 2021 > 2021-08-31 #49

Closed siusin closed 3 years ago

siusin commented 3 years ago

Other comments: Thank you!

samuelweiler commented 3 years ago

It looks like the DOM spec does not have a consolidated Privacy considerations section. I raised this in 2019, and I still think it's an issue. Mentioning it here first in case @sysrqb and @EricMwobobia might want to include this among the issues they file. Here's the 2019 issue:

https://github.com/whatwg/dom/issues/777

sandandsnow commented 3 years ago

Scheduled for discussion in PING meeting on Thursday 2 September 2021

sysrqb commented 3 years ago

I don't have any privacy concerns related to the two changes listed in the Important Changes list. I did see an oversight in one of the linked patches, but it was already corrected in the spec: https://github.com/whatwg/dom/pull/994. It'd be nice if similar fixes could be included (or noted) in the list of changes in the future, too.

With respect to creating Privacy and Security Considerations sections, I appreciate the discussion in https://github.com/whatwg/dom/issues/777 and the position that the DOM spec does not lend itself to having privacy/security considerations (https://github.com/whatwg/dom/issues/777#issuecomment-521954100). However, despite this, I agree with Sam that this spec should include Considerations sections. The Self-Review Questionnaire provides an example for such a case, and I'll encourage adopting such a section.

If it seems like none of the features in your specification have security or privacy impacts, say so in-line, e.g.:

    "There are no known security impacts of the features in this specification."

Be aware, though, that most specifications include features that have at least some impact on the fingerprinting surface of the browser. If you believe your specification is an outlier, justifying that claim is in order.

sysrqb commented 3 years ago

And opened https://github.com/w3cping/tracking-issues/issues/244 for tracking

sandandsnow commented 3 years ago

Review discussed on PING call on 2 September 2021.

Go to https://github.com/w3cping/tracking-issues/issues to track the progress of any issues raised as a result of the privacy review.

Issue closed as the review has been undertaken.

(Note: there may still be outstanding privacy considerations identified in the review that have not yet been resolved.)