(Re-organized the page and added more content!) |
(improved accuracy of several statements) |
||
Line 35: | Line 35: | ||
* Firefox does not share the user's full shipping address until the user approves the payment at the very end of the process (see {{bug|1443735|Bug 1443735}}). | * Firefox does not share the user's full shipping address until the user approves the payment at the very end of the process (see {{bug|1443735|Bug 1443735}}). | ||
* Although a merchant website could gather the user's partial shipping address (country and postal code) by calling the Payment Request .show() and .abort() functions in quick succession, to prevent abuse we are implementing a minimum amount of time to display the payment sheet (thus making it | * Although a merchant website could gather the user's partial shipping address (country and postal code) by calling the Payment Request .show() and .abort() functions in quick succession, to prevent abuse we are implementing a minimum amount of time to display the payment sheet (thus making it extremely difficult for a website to trick a user into sharing this information). | ||
== Fingerprinting == | == Fingerprinting == | ||
During an [https://blog.lukaszolejnik.com/privacy-of-web-request-api/ early privacy review] of the Payment Request API, Lukasz Olejnik raised concerns about the ability of website scripts to "fingerprint" a user by repeatedly using the .canMakePayment() call to determine which payment methods and payment instruments the user has installed. To mitigate this risk, Firefox allows the .canMakePayment() call only in top-level browsing contexts and only after the user "gestures" to allow .show() from the website. Furthermore, Firefox matches only on installed payment handlers or supported payment methods (e.g., basic-card | During an [https://blog.lukaszolejnik.com/privacy-of-web-request-api/ early privacy review] of the Payment Request API, Lukasz Olejnik raised concerns about the ability of website scripts to "fingerprint" a user by repeatedly using the .canMakePayment() call to determine which payment methods and payment instruments the user has installed. To mitigate this risk, Firefox allows the .canMakePayment() call only in top-level browsing contexts and only after the user "gestures" to allow .show() from the website. Furthermore, Firefox matches only on installed payment handlers or supported payment methods (e.g., basic-card), not on card networks (e.g., Visa or Amex). | ||
== Private Browsing Mode == | == Private Browsing Mode == | ||
Line 49: | Line 49: | ||
* Firefox does not send user data to the website without user consent. | * Firefox does not send user data to the website without user consent. | ||
* Firefox does not update storage metadata. | * Firefox does not update storage metadata. | ||
* Firefox | * Firefox takes several steps to prevent a website from using the Payment Request API to discover whether private browsing mode is enabled. | ||
== Process Separation == | == Process Separation == |
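Review bot: The completed third bullet says Firefox "takes several steps" to prevent detection of private browsing mode through the Payment Request API, but names none of them. Suggest listing the steps or linking the bugs that implement them, so the claim can be checked against the implementation.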