[css-color-adjust-1][editorial] Expand reasoning for preserving the privacy leak around system colors. w3c#5710

Author: tabatkins

css-color-adjust-1/Overview.bs

@@ -744,6 +744,23 @@ Privacy and Security Considerations {#priv-sec}
 	via {{getComputedStyle()}},
 	which can increase fingerprinting surface.
 
+	<div class=note>
+		Avoiding this comes with unfortunate drawbacks that were deemed too significant to be ignored.
+		Namely:
+
+		* preserving system colors as keywords until actual-value time
+			would break a significant amount of deployed script,
+			as the initial value of 'color' is a system color already
+			(but a huge amount of script implicitly expects to see an RGB color from 'color')
+		* lying about system colors from the scripting APIs
+			(pretending they're always some static values)
+			can result in any colors calculated <em>from</em> page colors in script
+			being unreadable when used with the <em>actual</em> system colors.
+
+		See <a href="https://github.com/w3c/csswg-drafts/issues/5710#issuecomment-840772752">Issue 5710</a>
+		for discussion on this topic.
+	</div>
+
 	Additionally, it may be possible for an embedded document
 	to use timing attacks to determine whether its own 'color-scheme'
 	matches that of its embedding <{iframe}> or not.