On 09.09.2018 11:05, Mike O'Neill wrote:
>>
>> We don’t necessarily believe that a model where the user is asked whether
>> they consent to sharing their data with third-party trackers is ideal,
>> because explaining the implications of the data sharing is very hard, and
>> there are many problems associated with asking for permission from the
>> user. But we are looking at this API as a programmatic hook into the point
>> in time when a third-party context would like to obtain full storage access
>> rights, which would allow the browser to perform various forms of
>> security/privacy checks at that time. Prompting the user is only one of the
>> options we’ve thought about so far. Note that the API limits granting
>> access only to callers coming at times when processing a user gesture.
>>
> The legal requirement in Europe is that storage can only be accessed if the
> user has unambiguously given their "freely given, specific & informed"
> consent. How will a European website top-level context (first-party) ensure
> that embedded third-parties will not be granted storage access without the
> user first being prompted?

This is not really about sharing, is it? AFAIU we plan to limit how third
parties can look at their own storage buckets - generally. This API just
allows them to poke a relatively well-defined hole (and thus giving us an
opportunity for intervention). This API is mostly orthogonal to any data
sharing between the first and the third party - isn't it?

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform