Nick Doty

The privacy risks of silent background requests are not solely limited to this one feature. Nonetheless, they do exist, and we should address them in each case.

> > The reality is that some browsers implement this without any privacy protections > > This is incorrect. See https://webkit.org/blog/8821/link-click-analytics-and-privacy/ Apologies, I was writing quickly and meant to refer...

I'm sure many are tired of repeating this debate, but just to quickly answer the substantive points on why transparency is a privacy benefit here, I've tried to be brief...

> > Yes, it's possible that some (at first, many) users might not understand UI. My expectation is that virtually no users inspect the HTML or DOM to check whether...

Reviews of the ARIA specs have touched on some of the different mechanisms that might currently be used to detect use of assistive technology. I'm not an expert here, but...

The TAG also has a summary of some of the features for detectability, and some context on the use of an icon to mark where features can enable detectability: https://github.com/w3ctag/design-principles/issues/293

Definitely agree with the risk -- and I think we have some documentation of exclusion risks in a couple of places. There might be things that we can do to...

The spectrum metaphor can sometimes be interpreted as this being a scalar, high-to-low thing, but as VCDM notes, it's more use case specific. Some conditions that might be relevant are...

I think this was the point I was raising in https://github.com/w3c-fedid/digital-credentials/issues/226

API design that makes it easy for a website developer to request only the data that they need is considered a good practice for [data minimization](https://www.w3.org/TR/privacy-principles/#data-minimization). (Also in the [Web...