On Tue, Sep 5, 2017 at 10:13 AM, Shubhie Panicker via dev-platform < dev-platform@lists.mozilla.org> wrote:
> Boris expressed privacy concern with the API and suggested starting a > thread here to get some concrete feedback. It's great that you agreed to send this (and other client hints?) only for secure connections. I share Boris's concern that the buckets are too fine-grained. Are those fine distinctions likely to matter to content producers compared to the additional fingerprintability? Of course if we implemented client hints we could simply send less information, like 0.5, 1, and 2. Maybe 4 if some sites really would send resources large enough to where that is an issue. And I guess Firefox for Android claims to be able to run on a 384Mb device so maybe 0.25 is a useful value as well. Sending the info to 3rd party resources increases tracking risk, though I suppose if we didn't sites could still pass the info along through URL parameters. I do not know what are plans are about Client Hints in general, whether we intend to or when, and obviously that's a prerequisite. - Dan Veditz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
