[css-conditional] Move and rewrite the security and privacy considerations section. Fixes w3c#1243.

dbaron · dbaron · commit 63f21852a30a · 2018-07-02T15:06:29.000+10:00
diff --git a/css-conditional-3/Overview.bs b/css-conditional-3/Overview.bs
@@ -1033,6 +1033,27 @@ partial namespace CSS {
       Otherwise, it must return <code>false</code>.
   </dl>
 
+<h2 class=no-num id=priv-sec>Privacy and Security Considerations</h2>
+
+This spec introduces no new security considerations.
+
+Various features in this specification,
+associated mainly with the ''@media'' rule
+but also to some degree with the ''@supports'' rule,
+provide information to Web content about
+the user's hardware and software and their configuration and state.
+Most of the information is provided through the features in [[MEDIAQ]]
+rather than through the features in this specification.
+However, the ''@supports'' rule may provide some additional details about the user's software
+and whether it is running with non-default settings that may enable or disable certain features.
+
+Most of this information can also be determined through other APIs.
+However, the features in this specification are one of the ways this information
+is exposed on the Web.
+
+This information can also, in aggregate, be used to improve the accuracy of
+<a href="https://www.w3.org/2001/tag/doc/unsanctioned-tracking/">fingerprinting</a> of the user.
+
 <h2 id="changes">
 Changes</h2>
 
@@ -1051,6 +1072,7 @@ Changes</h2>
       for consistency with the ''@import'' rule’s ''supports()'' function.
   <li>Fixed missing semicolons in IDL code.
   <li>Updated links, terminology, and example code in response to changes to other modules.
+  <li>Added section on privacy and security considerations.</li>
 </ul>
 
 <h2 class=no-num id="acknowledgments">Acknowledgments</h2>
@@ -1081,12 +1103,3 @@ Zack Weinberg,
 Estelle Weyl,
 Boris Zbarsky,
 and all the rest of the <a href="http://lists.w3.org/Archives/Public/www-style/">www-style</a> community.
-
-<h2 class=no-num id=priv-sec>Privacy and Security Considerations</h2>
-
-This spec introduces no new security considerations.
-
-While this spec does modify the definition of the ''@media'' rule,
-which does have some privacy considerations,
-the modifications defined here do not have any effect on the privacy considerations for ''@media''.
-No other feature in this spec has any privacy considerations.
