W3C | TAG | TAG Work Plan
The intent of this effort is to identify, document, and promote best practices
the return of unnecessary information, notably by avoiding fingerprinting.
This covers multiple related approaches to preserving users' privacy:
User-mediated enumeration. For instance, rather than allowing the code to enumerate all video inputs
and select one to ask the user for permission to access it, have the code request access to video
input in general, and let the user pick the input she wishes to grant access to. This prevents
Device-triggered access. A good example of this design approach is the Gamepad API. Rather than allowing
the enumeration of gamepads plugged that are available (which would provide a potentially large fingerprinting
surface) input from gamepads is only provided when the user manipulates them (similar to the manner in which
script cannot enumerate or even detect the presence of a mouse until the user moves it).
API minimisation. Make it so that if the code only needs access to the phone numbers in a user's set of contacts,
don't also provide their emails, home addresses, etc. on the returned contact objects. Furthermore, if applicable,
make it possible for the user to be fully in control of the exact information that is returned when it is sensitive.
The finding (or discussions leading to the finding) successfully influence the design of APIs to improve their
The document provides useful education and analysis for those who build web applications and related specifications.
Inside W3C several API-related groups have already had privacy- and fingerprinting-related discussions. These should
constitute a priority target for this finding.
Key deliverables with dates:
- [done] Initial draft finding for review at Nov. 2011 TPAC
- [done] New version draft finding for review at Apr. 2012 TAG F2F
- [done] New version draft finding for review at Jun. 2012 TAG F2F
- TAG approves publishing a draft finding; request for review from API groups Jul. 2012
- TBD: an approved TAG finding on API Privacy by Design
- New draft finding for community and TAG review Jul 2012
TAG Members assigned:
- Robin Berjon
- Several participants in the DAP WG have indicated strong interest and may contribute to the work
We intend to coordinate with the IAB on the review of this.
TAG Issues, Actions, Tracker Product Page