We have a continuing problem with propagation of normally-invisible but easily revealed data. The poster-child is EXiF data in images, which can be very revealing but often not exposed. But there are other examples, and many formats support normally-hidden data (e.g. in text formats that are interpreted, metadata and comments are supported, including in HTML).
If you are defining a format, does it enable the carriage of data that is not normally revealed, but that can and sometimes does carry information about a person? Examples include metadata fields and comment blocks in text formats (sometimes used for comments like "last edited by Brutus on 15 March 55BC"), but can also include e.g. client-side cropping of images, client-side trimming the time-intervals of audio and video played, and so on.
We have a continuing problem with propagation of normally-invisible but easily revealed data. The poster-child is EXiF data in images, which can be very revealing but often not exposed. But there are other examples, and many formats support normally-hidden data (e.g. in text formats that are interpreted, metadata and comments are supported, including in HTML).
If you are defining a format, does it enable the carriage of data that is not normally revealed, but that can and sometimes does carry information about a person? Examples include metadata fields and comment blocks in text formats (sometimes used for comments like "last edited by Brutus on 15 March 55BC"), but can also include e.g. client-side cropping of images, client-side trimming the time-intervals of audio and video played, and so on.