(→Data Exchange with Merchant Websites: add one word) |
(→Fingerprinting: Add proviso and link to EFF report) |
||
Line 40: | Line 40: | ||
During an [https://blog.lukaszolejnik.com/privacy-of-web-request-api/ early privacy review] of the Payment Request API, Lukasz Olejnik raised concerns about the ability of website scripts to "fingerprint" a user by repeatedly using the .canMakePayment() call to determine which payment methods and payment instruments the user has installed. To mitigate this risk, Firefox allows the .canMakePayment() call only in top-level browsing contexts and only after the user "gestures" to allow .show() from the website. Furthermore, Firefox matches only on installed payment handlers or supported payment methods (e.g., basic-card), not on card networks (e.g., Visa or Amex). | During an [https://blog.lukaszolejnik.com/privacy-of-web-request-api/ early privacy review] of the Payment Request API, Lukasz Olejnik raised concerns about the ability of website scripts to "fingerprint" a user by repeatedly using the .canMakePayment() call to determine which payment methods and payment instruments the user has installed. To mitigate this risk, Firefox allows the .canMakePayment() call only in top-level browsing contexts and only after the user "gestures" to allow .show() from the website. Furthermore, Firefox matches only on installed payment handlers or supported payment methods (e.g., basic-card), not on card networks (e.g., Visa or Amex). | ||
Because fingerprinting attacks are extremely creative (see the EFF report [https://panopticlick.eff.org/static/browser-uniqueness.pdf How Unique Is Your Web Browser?]), it is possible that additional attack vectors might be enabled by the W3C Payment Request API, perhaps in combination with non-payment vectors; we are investigating this possibility. | |||
== Private Browsing Mode == | == Private Browsing Mode == |
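Review bot: The added paragraph ends with "we are investigating this possibility" but gives no owner and no place to follow the work; name who is investigating and link wherever the investigation is tracked, or drop the clause so the page does not carry an open-ended promise. The opening "fingerprinting attacks are extremely creative" would be more precise as a statement about the variety of fingerprinting techniques, which is what the linked EFF report "How Unique Is Your Web Browser?" supports. It would also help to say how this proviso relates to the .canMakePayment() restrictions in the preceding paragraph, so readers can tell that those mitigations address the known vector and that the new sentence concerns vectors not yet identified.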