[mediaqueries] Add a privacy/security section. · w3c/csswg-drafts@ecc2064 · GitHub
Commit ecc2064

[mediaqueries] Add a privacy/security section.
1 parent 509ba99 commit ecc2064

2 files changed

Lines changed: 31 additions & 0 deletions

mediaqueries/Overview.bs

Lines changed: 18 additions & 0 deletions
@@ -2214,3 +2214,21 @@ Comments from
22142214
Steven Pemberton,
22152215
and Susan Lesch
22162216
improved this specification.
2217+
2218+
Privacy and Security Considerations {#priv-sec}
2219+
===============================================
2220+
2221+
This specification introduces no new security considerations.
2222+
2223+
Media Queries enable CSS to query various aspects of the page's environment,
2224+
including things that can be difficult or impossible to find via scripting.
2225+
This is potentially a privacy hazard,
2226+
allowing enhanced fingerprinting of a user,
2227+
but the risk is generally low.
2228+
At minimum, the same information should be <em>inferrable</em>
2229+
via scripting by examining the User Agent string.
2230+
However, UA string spoofing does not affect Media Queries,
2231+
making this a somewhat more robust detection technique.
2232+
2233+
That said, the information granted by Media Queries is relatively coarse,
2234+
and does not contribute much entropy in this regard.
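
Review bot: lines 2223-2224 say Media Queries expose things that "can be difficult or impossible to find via scripting", while lines 2228-2229 say the same information "should be inferrable via scripting by examining the User Agent string"; the two claims pull against each other, and "At minimum" does not say which one is the baseline. Suggest separating the aspects that are only reachable through Media Queries from those that duplicate what the UA string already reveals, so that the conclusions on line 2227 ("the risk is generally low") and line 2234 ("does not contribute much entropy") rest on something a reader can check.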

mediaqueries/Overview.html

Lines changed: 13 additions & 0 deletions
@@ -177,6 +177,7 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
177177
<li><a href="#changes-2012"><span class="secno"></span> <span class="content"> Changes Since the Media Queries Level 3</span></a>
178178
</ol>
179179
<li><a href="#acknowledgments"><span class="secno"></span> <span class="content"> Acknowledgments</span></a>
180+
<li><a href="#priv-sec"><span class="secno">12</span> <span class="content">Privacy and Security Considerations</span></a>
180181
<li>
181182
<a href="#conformance"><span class="secno"></span> <span class="content"> Conformance</span></a>
182183
<ol class="toc">
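
Review bot: the TOC entry added at line 180 carries a section number (secno "12"), but the Changes and Acknowledgments entries above it and the Conformance entry below it all have an empty secno, so a numbered section lands in the middle of unnumbered back matter. Either move the section ahead of the Changes and Acknowledgments entries so the numbered sections stay contiguous, or confirm that placing it after Acknowledgments is intended.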
@@ -2199,6 +2200,18 @@ <h2 class="no-num heading settled" id="acknowledgments"><span class="content"> A
21992200
Steven Pemberton,
22002201
and Susan Lesch
22012202
improved this specification.</p>
2203+
<h2 class="heading settled" data-level="12" id="priv-sec"><span class="secno">12. </span><span class="content">Privacy and Security Considerations</span><a class="self-link" href="#priv-sec"></a></h2>
2204+
<p>This specification introduces no new security considerations.</p>
2205+
<p>Media Queries enable CSS to query various aspects of the page’s environment,
2206+
including things that can be difficult or impossible to find via scripting.
2207+
This is potentially a privacy hazard,
2208+
allowing enhanced fingerprinting of a user,
2209+
but the risk is generally low.
2210+
At minimum, the same information should be <em>inferrable</em> via scripting by examining the User Agent string.
2211+
However, UA string spoofing does not affect Media Queries,
2212+
making this a somewhat more robust detection technique.</p>
2213+
<p>That said, the information granted by Media Queries is relatively coarse,
2214+
and does not contribute much entropy in this regard.</p>
22022215
</main>
22032216
<h2 class="no-ref no-num heading settled" id="conformance"><span class="content"> Conformance</span><a class="self-link" href="#conformance"></a></h2>
22042217
<h3 class="heading settled" id="document-conventions"><span class="content"> Document conventions</span><a class="self-link" href="#document-conventions"></a></h3>
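
Review bot: the sentence at lines 2211-2212, "UA string spoofing does not affect Media Queries, making this a somewhat more robust detection technique", is phrased from the side of whoever is doing the detecting and leaves the privacy consequence implicit: a user who spoofs the UA string is still described by their Media Queries results. Suggest stating that consequence directly and adding what, if anything, a user agent may do about it, since the section as written gives implementers no guidance. Separately, the h2 at line 2203 is numbered (data-level="12") yet follows the "no-num" Acknowledgments heading immediately before the closing main tag; worth checking that this position is intended.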
