Privacy Considerations: Preventing information leakage and fingerprinting

[johannhof]

We should give guidance that the API should avoid leaking any user or device information beyond what is specifically requested by the site, after the user grants permission. Proposed features like #219 can be designed in a way that exposes device information through revealing supported protocols. User-specific information could be revealed e.g. through delayed promise resolution for installed wallet applications vs. instant promise rejection for non-installed wallets.

[simoneonofri]

I think the rules defined in Mitigating Browser Fingerprinting in Web Specifications can be applied.

[marcoscaceres]

This issue asked for privacy considerations covering fingerprinting and information leakage risks.

The spec now has a "Fingerprinting and Data Leakage" section covering:

• Browser fingerprinting risks from the API
• "Leaking incidental data with credential presentations"
• "Revealing device properties through protocol availability" (constraining userAgentAllowsProtocol())
• "Avoiding leaks of credential availability"

@johannhof, could you confirm within two weeks (by May 14) whether this addresses your concern? If we don't hear back, we'll proceed to close this issue.

[johannhof]

This was a TODO issue for writing the Privacy Considerations, so I think it can be considered done (even if maybe not all of the concerns are resolved from the API overall).