(→Private Browsing Mode: typo) |
(→Data Exchange with Merchant Websites: add one word) |
||
Line 27: | Line 27: | ||
* First, the payment request from merchant to browser and the payment response from browser to merchant are always protected by Transport Layer Security (HTTPS) because the Payment Request API can be used only in [https://www.w3.org/TR/secure-contexts/ secure contexts]. | * First, the payment request from merchant to browser and the payment response from browser to merchant are always protected by Transport Layer Security (HTTPS) because the Payment Request API can be used only in [https://www.w3.org/TR/secure-contexts/ secure contexts]. | ||
* Second, because the user's form input (credit card, shipping address, etc.) is handled by trusted browser code instead of code (often third-party code) on a merchant website, it is much more difficult for unwanted [https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/ data exfiltration] to occur (e.g., via form tracking and session replay scripts). | * Second, because the user's form input (credit card number, shipping address, etc.) is handled by trusted browser code instead of code (often third-party code) on a merchant website, it is much more difficult for unwanted [https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/ data exfiltration] to occur (e.g., via form tracking and session replay scripts). | ||
== Information Leakage == | == Information Leakage == |
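Review bot: in the second bullet, the new wording "credit card number" narrows the parenthetical to a single field, while the sentence is about the user's form input as a whole, so the trailing "etc." now has to cover every other card field. Consider "credit card details" instead, which keeps the example concrete without implying that only the number is handled by trusted browser code.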