(this issue is from the review I did as part of PING's HR review)
Currently, the spec mentions, non-normatively, that implementors might consider preventing unexpected information loss through image headers. The risks of privacy loss here are significant, and could even weaken privacy protections enforced elsewhere in the platform (as an example, geolocation information might be leaked to the page through an EXIF header in an image, despite the page not having the geolocation permission).
The spec should, normatively, ensure that the new functionality in the spec doesn't cause such privacy harm.
Two possible suggestions for how the spec could do this:
Simplest idea: specify that there MUST NOT be any metadata attached to the returned image
More difficult idea: specify what kinds of data MAY be attached to the image, and consider that a closed set
The above are just offered as suggestions, but the core of the issue here is that the spec should deal with this introduced privacy risk through normative / required protections.
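A filter implementing the second suggestion (a closed set of allowed data), as an added example that is not from the spec or any browser engine: it walks the JPEG marker segments and keeps only an allow-list of decode-relevant ones, so an EXIF APP1 block (where GPS tags live) never reaches the page. The sample bytes are constructed and are not a decodable picture.

```javascript
// Added example (not from the spec or any browser engine): a closed allow-list over
// JPEG marker segments. Only segments needed to decode the image survive; APP1
// (EXIF/XMP, where GPS tags live), APP13 (IPTC), other APPn and COM are dropped.
const ALLOWED_APP_MARKERS = new Set([0xE0]); // APP0 (JFIF) is the one APPn kept

function stripJpegMetadata(bytes) {
  if (bytes.length < 2 || bytes[0] !== 0xFF || bytes[1] !== 0xD8) {
    throw new Error("not a JPEG: missing SOI");
  }
  const out = [0xFF, 0xD8];
  const removed = []; // markers that were stripped, for auditing
  let i = 2;
  while (i + 1 < bytes.length) {
    if (bytes[i] !== 0xFF) throw new Error(`expected marker at offset ${i}`);
    if (bytes[i + 1] === 0xFF) { i++; continue; } // fill byte
    const marker = bytes[i + 1];
    if (marker === 0xDA) { // SOS: entropy-coded scan data follows, copy verbatim through EOI
      for (let j = i; j < bytes.length; j++) out.push(bytes[j]);
      break;
    }
    if (marker === 0xD9) { out.push(0xFF, 0xD9); break; } // EOI with no scan
    const len = (bytes[i + 2] << 8) | bytes[i + 3]; // length field counts itself
    if (len < 2 || i + 2 + len > bytes.length) throw new Error("truncated segment");
    const isApp = marker >= 0xE0 && marker <= 0xEF;
    if ((isApp && !ALLOWED_APP_MARKERS.has(marker)) || marker === 0xFE) {
      removed.push(marker);
    } else {
      for (let j = i; j < i + 2 + len; j++) out.push(bytes[j]);
    }
    i += 2 + len;
  }
  return { bytes: Uint8Array.from(out), removed };
}

// Constructed input: the marker layout of a camera JPEG, not a decodable picture.
function seg(marker, payload) {
  const len = payload.length + 2;
  return [0xFF, marker, len >> 8, len & 0xFF, ...payload];
}
const ascii = (s) => Array.from(s, (c) => c.charCodeAt(0));
const SAMPLE_JPEG = Uint8Array.from([
  0xFF, 0xD8,
  ...seg(0xE0, [...ascii("JFIF\0"), 1, 1, 0, 0, 1, 0, 1, 0, 0]),        // JFIF: kept
  ...seg(0xE1, [...ascii("Exif\0\0"), ...ascii("GPSLatitude 51.5 N")]), // EXIF: dropped
  ...seg(0xFE, ascii("captured on a named device")),                   // COM: dropped
  ...seg(0xDB, [0, ...new Array(64).fill(1)]),                          // DQT: kept
  0xFF, 0xDA, 0x00, 0x08, 1, 1, 0, 0, 0x3F, 0, 0x12, 0x34, 0xFF, 0x00, 0x56, // SOS + scan
  0xFF, 0xD9,
]);
const containsAscii = (bytes, s) => String.fromCharCode(...bytes).includes(s);
```

Running the filter a second time over its own output removes nothing, which is the property a user agent would want before handing the bytes to the page.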
@pes10k any update on the issue? From the fingerprinting issues raised in the media capture stream, I believe stripping excessive metadata is a good privacy approach. We can also review the various data to trim the excessive data to be used in fingerprinting if need be.