The issue was found during the request review: w3c/security-request#48
The Spec reviewed: https://www.w3.org/TR/autoplay-detection/
1. What/where exactly the spec says this:
The spec's Section 4 (Security and Privacy Considerations) claims:
"It does not allow an origin to detect if users are in the private or non-private browsing mode."
autoplay/index.bs, lines 417 to 418 in 052da0a:
user agent's native UI. It does not allow an origin to detect if users are in
the private or non-private browsing mode.
The spec's own questionnaire answer says:
"This specification does not treat Private Browsing and Incognito mode in a special way. They should all work the same as normal browsing mode. Unless the user agent implements something specially which would return different answers for the same origin under the same situation."
autoplay/security-privacy-questionnaire.md, lines 100 to 104 in 052da0a:
This specification does not treat Private Browsing and Incognito mode in a
special way. They should all work the same as normal browsing mode.

Unless the user agent implements something specially which would return
different answers for the same origin under the same situation.
That second sentence directly contradicts the claim in Section 4. The spec acknowledges the possibility of divergent behavior across modes but makes no normative requirement preventing it.
2. What correction we're suggesting and why:
The spec should include a normative requirement that implementations MUST return consistent AutoplayPolicy results for a given origin regardless of whether the browsing context is private or normal, under otherwise identical conditions.
The W3C Security & Privacy Questionnaire §2.15 asks specifically about private browsing mode correlation, and the Web Platform Design Principles state that spec authors should "avoid, as much as possible, making the presence of private browsing mode detectable to sites" (referenced in the questionnaire). The spec currently violates this principle by omission — it neither mandates nor prevents divergent behavior across modes.
3. How it can be fixed — exact wording:
How about we add something like this?
"A user agent MUST NOT return different AutoplayPolicy values for the same origin under the same conditions based solely on whether the browsing context is in private browsing mode or normal browsing mode. Returning divergent values across modes would allow an origin to infer the user's browsing mode, violating the principle described in Web Platform Design Principles § do-not-expose-use-of-private-browsing-mode."
Remove the current claim
"It does not allow an origin to detect if users are in the private or non-private browsing mode"
because without the normative requirement above, it's an unsubstantiated assertion.
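One way an implementer could check recorded results against the requirement proposed above, as an added example that is not part of the original issue or of the spec. The record shape, the condition names and the sample origins are assumptions made for illustration.

```javascript
// Each observation is one recorded navigator.getAutoplayPolicy(type) result.
// The record shape {origin, mode, type, conditions, value} is hypothetical.
const VALID = new Set(["allowed", "allowed-muted", "disallowed"]);

// Stable key: the same conditions listed in a different order must match.
function conditionKey(obs) {
  const c = obs.conditions || {};
  const sorted = Object.keys(c).sort().map((k) => [k, c[k]]);
  return JSON.stringify([obs.origin, obs.type, sorted]);
}

function checkModeConsistency(observations) {
  const groups = new Map();
  for (const obs of observations) {
    if (!VALID.has(obs.value)) throw new Error(`not an AutoplayPolicy value: ${obs.value}`);
    if (obs.mode !== "normal" && obs.mode !== "private") throw new Error(`unknown mode: ${obs.mode}`);
    const key = conditionKey(obs);
    if (!groups.has(key)) groups.set(key, { normal: new Set(), private: new Set() });
    groups.get(key)[obs.mode].add(obs.value);
  }
  const report = { divergent: [], unpaired: [], consistent: 0 };
  for (const [key, g] of groups) {
    // Only one mode recorded: the requirement cannot be verified for this group.
    if (g.normal.size === 0 || g.private.size === 0) { report.unpaired.push(key); continue; }
    const normal = [...g.normal].sort();
    const priv = [...g.private].sort();
    if (JSON.stringify(normal) !== JSON.stringify(priv)) {
      report.divergent.push({ key, normal, private: priv }); // mode is observable here
    } else {
      report.consistent += 1;
    }
  }
  return report;
}

// Constructed sample data; condition names are hypothetical labels.
const SAMPLE = [
  { origin: "https://example.test", mode: "normal", type: "mediaelement",
    conditions: { userActivation: false, siteSetting: "default" }, value: "allowed-muted" },
  { origin: "https://example.test", mode: "private", type: "mediaelement",
    conditions: { siteSetting: "default", userActivation: false }, value: "disallowed" },
  { origin: "https://example.test", mode: "normal", type: "audiocontext",
    conditions: { userActivation: false }, value: "disallowed" },
  { origin: "https://example.test", mode: "private", type: "audiocontext",
    conditions: { userActivation: false }, value: "disallowed" },
  { origin: "https://other.test", mode: "normal", type: "mediaelement",
    conditions: { userActivation: false }, value: "allowed" },
];
```

Any entry in `divergent` is a case where the returned value differs only by browsing mode, which is what the proposed wording forbids.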