w3ctag / privacy-principles

https://w3ctag.github.io/privacy-principles/

Making undesirable information hard to access #280

Closed martinthomson closed 9 months ago

martinthomson commented 1 year ago

Section 2.3.3 (sketchy information, nice) says:

When a developer is trying to access the undesirable information, a new API should be at least as difficult to use as the existing APIs. For example, it shouldn't require less code, less maintenance, or less runtime cost.

This is followed by a longer explanation of this statement. I disagree with this statement in general.

Code and maintenance costs scale poorly. Generally, code costs can be amortized in ways that ensure that collection at scale is almost always economically feasible, despite any efforts to make it harder. Any function can be turned into a library and packaged for onward use at nearly zero incremental cost. A commitment to a backwardly-compatible platform means that the maintenance cost is often a one-off.

Runtime costs are more interesting. Costs that might be incurred by the actor seeking the information might scale in a way that makes this approach a good one, but my experience with most privacy-sensitive functions is that the cost is not borne directly by sites that collect the information. Instead, the direct cost is paid in resources provided by end users. There can be indirect costs to the site (the site loads more slowly because they are thrashing the CPU), but these can be managed.

Finally, the argument relies on the notion that collection is economically infeasible in the aggregate. As I've said on numerous occasions, we can't ignore the potential that a mechanism might be used to target a small number of people, even if it won't (economically) scale to large numbers of people. Those who are targeted (or can be targeted) for improper data collection will find little comfort in the knowledge that others did not suffer the same privacy loss.

There is perhaps a case for not spending effort in making it easier to gather information like this, but that's different. I can justify not doing something to improve collection on the basis that it provides people no tangible value.

Overall, this isn't a strong position to take and I'd like to see this text removed from the document.

jyasskin commented 9 months ago

I think this got fixed in one of the otherwise-editorial rewrites of the https://w3ctag.github.io/privacy-principles/#unavoidable-information-exposure section. We now have only "New APIs that unavoidably provide access to this kind of information should not make that information easier to access compared to existing comparable web platform features."