From b283230af30f73a686120b2ee9bc5693d11cb2d6 Mon Sep 17 00:00:00 2001 From: Alexander Hendrich Date: Mon, 21 Aug 2023 13:41:07 +0200 Subject: [PATCH 1/3] Update S&P questionnaire for getCloudIdentifiers() --- security-privacy-questionnaire.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security-privacy-questionnaire.md b/security-privacy-questionnaire.md index 368c85b..04e1737 100644 --- a/security-privacy-questionnaire.md +++ b/security-privacy-questionnaire.md 
@@ -30,10 +30,14 @@ Additionally, user agents could also choose to persist the last directory a file The `getUniqueId()` method will require a user agent to persist information (e.g. a salt) to provide unique identifiers for handles which are stable across browsing sessions, but which are invalidated once the user clears storage for the site. This state will not be exposed to the website. +The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website. These identifiers are usually stable and cannot be invalidated as part of this API. + ### 2.6. What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin? Anything that exists on disk in files could be exposed by the user to the web. However, user agents are encouraged to maintain a block list of certain directories with particularly sensitive files, and thus somewhat restrict which files and directories the user is allowed to select. For example, things like Chrome's "Profile" directory, and other platform configuration data directories are likely going to be on this block list. +The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website, thereby exposing which cloud storage providers' sync clients are present on the user's machine and which files are synced by which provider. + ### 2.7. Does this specification allow an origin access to sensors on a user’s device No, unless a device exposes such sensors as files or directories. User agents are encouraged to block access to such files or directories (for example `/dev` on linux like systems). From 2073757ffc5246898b3a9512c44d4e40c1269185 Mon Sep 17 00:00:00 2001 
From: Alexander Hendrich Date: Tue, 19 Sep 2023 18:04:33 +0200 Subject: [PATCH 2/3] review comments --- security-privacy-questionnaire.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/security-privacy-questionnaire.md b/security-privacy-questionnaire.md index 04e1737..e6ddb34 100644 --- a/security-privacy-questionnaire.md +++ b/security-privacy-questionnaire.md 
@@ -30,13 +30,14 @@ Additionally, user agents could also choose to persist the last directory a file The `getUniqueId()` method will require a user agent to persist information (e.g. a salt) to provide unique identifiers for handles which are stable across browsing sessions, but which are invalidated once the user clears storage for the site. This state will not be exposed to the website. -The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website. These identifiers are usually stable and cannot be invalidated as part of this API. +The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website. These identifiers may be stable and cannot be invalidated as part of this API. ### 2.6. What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin? Anything that exists on disk in files could be exposed by the user to the web. However, user agents are encouraged to maintain a block list of certain directories with particularly sensitive files, and thus somewhat restrict which files and directories the user is allowed to select. For example, things like Chrome's "Profile" directory, and other platform configuration data directories are likely going to be on this block list. -The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website, thereby exposing which cloud storage providers' sync clients are present on the user's machine and which files are synced by which provider. 
+The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website. +Therefore, the requesting website is able to enumerate those sync clients that are present on the user's machine, if they sync items the website has a file/directory handle to. ### 2.7. Does this specification allow an origin access to sensors on a user’s device From 7874d0492044bebc3db5f8c0d2922d1a743bb85d Mon Sep 17 00:00:00 2001 From: Alexander Hendrich Date: Tue, 19 Sep 2023 18:08:20 +0200 Subject: [PATCH 3/3] review comments improvement --- security-privacy-questionnaire.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-privacy-questionnaire.md b/security-privacy-questionnaire.md index e6ddb34..f4180b2 100644 --- a/security-privacy-questionnaire.md +++ b/security-privacy-questionnaire.md 
@@ -37,7 +37,7 @@ The `getCloudIdentifiers()` method will request identifiers for a given file/dir Anything that exists on disk in files could be exposed by the user to the web. However, user agents are encouraged to maintain a block list of certain directories with particularly sensitive files, and thus somewhat restrict which files and directories the user is allowed to select. For example, things like Chrome's "Profile" directory, and other platform configuration data directories are likely going to be on this block list. The `getCloudIdentifiers()` method will request identifiers for a given file/directory handle from a cloud storage provider's sync client (usually an external service/application) and forward these to the requesting website. -Therefore, the requesting website is able to enumerate those sync clients that are present on the user's machine, if they sync items the website has a file/directory handle to. +Therefore, the requesting website can enumerate all those sync clients present on the user's machine that sync a file/directory the website has a handle to. ### 2.7. Does this specification allow an origin access to sensors on a user’s device
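Review bot: in PATCH 1/3 (hunk `@@ -30,10 +30,14 @@`), the sentence added to section 2.6 overstates the exposure: "exposing which cloud storage providers' sync clients are present on the user's machine" reads as if the site can learn about every installed sync client, whereas `getCloudIdentifiers()` only returns identifiers for a handle the site already holds, so only providers syncing that particular file or directory are revealed (PATCH 2/3 narrows this). Two smaller points: the first sentence of the 2.6 paragraph repeats the 2.5 paragraph word for word, so a short back-reference ("As noted in 2.5, ...") would read better than the duplicate; and the 2.5 answer should say explicitly that, unlike the `getUniqueId()` salt, this state lives in the external sync client, so clearing site storage neither rotates nor invalidates these identifiers.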
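Review bot: in PATCH 2/3 (hunk `@@ -30,13 +30,14 @@`), "These identifiers may be stable and cannot be invalidated as part of this API" leaves open who decides stability; state that it is determined by the provider's sync client and that the user agent has no mechanism to rotate or invalidate them. In the replacement text for 2.6, "if they sync items the website has a file/directory handle to" has an ambiguous "they" (the sync clients or the website?); PATCH 3/3 resolves that. The answer still does not say whether `getCloudIdentifiers()` is gated by user consent or by the permission already granted for the handle; since the identifiers are forwarded to the requesting website and cannot be invalidated, the mitigation (or its absence) belongs in this section.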
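Review bot: in PATCH 3/3 (hunk `@@ -37,7 +37,7 @@`), the reworded enumeration sentence is clearer, but it sits on the line directly after "...forward these to the requesting website." with no blank line between them, so Markdown will render the two as a single paragraph; add a blank line if they are meant to be separate. More substantively, because the identifiers are described as stable and are forwarded as-is, two origins holding handles to the same synced file would receive the same identifier; the questionnaire should state whether identifiers are scoped per origin or, if not, name the cross-site linkability here.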