Skip to content
This repository was archived by the owner on Nov 7, 2024. It is now read-only.
This repository was archived by the owner on Nov 7, 2024. It is now read-only.

Discussion of high level threats should include clearer normative statements #37

Description

@jyasskin

https://w3cping.github.io/privacy-threat-model/#high-level-threats currently starts with

User agents should attempt to defend their users from a variety of high-level threats or attacker goals, described in this section.

but most of the individual threat descriptions don't follow this up by saying what UAs should do about them. For example, https://w3cping.github.io/privacy-threat-model/#hl-recognition-cross-site could add something like

UAs should prevent entities from tracking a user across different sites without that user's intent.

The RFC2119 aspect of "SHOULD" that "there may exist valid reasons in particular circumstances to ignore a particular item" then gets elaborated in the high-level threat's detailed threat model.

I think this matches @pes10k's request for more principles in the document.

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions