Expand the disscussion

Author: schenney-chromium

mediaqueries-5/Overview.bs

@@ -148,28 +148,6 @@ Units</h3>
 	Note that this will also take into account additional restrictions the user might apply,
 	such as minimum font sizes.
 
-<h3 id='mq-prefers-security'>
-Prefers-* Media Features Security and Privacy</h3>
-
-	Media features that reflect operating system preferences are a fingerprinting risk
-	because different users have different preferences and these are observable to origins.
-
-	* The 'prefers-reduced-data' media feature may be correlated with low income and limited data.
-	* The `prefers-reduced-motion`, `prefers-color-scheme`, `prefers-reduced-transparency` and
-	  `forced-colors` queries reflect affordances for a range of special needs,
-	
-	Properties dependent on one of the above media queries
-	may be read by embedded iframe content using several methods:
-
-	* Colors and other property values may be directly accessed through computed style.
-	* Layout affecting properties influence lengths, positions and sizes available to script.
-	* Images may be rendered into a canvas element and pixels value read by script.
-
-	Authors should use these media features only when the benefit is clear,
-	particularly when embedding third party content.
-	Combining these queries increases the fingerprinting risk,
-	allowing users to be sorted into smaller buckets.
-
 <!--
 ██     ██  ███████
 ███   ███ ██     ██
@@ -3699,8 +3677,38 @@ Appendix B: Privacy Considerations</h2>
 
 	Issue: this section is <a href="https://github.com/w3c/csswg-drafts/issues?q=is%3Aopen+is%3Aissue+label%3Amediaqueries-5+label%3Aprivacy-tracker">incomplete</a> 
 
-	<a href="#mq-prefers-security">Section 1.4</a> discusses fingerprinting via
-	the 'prefers-*' and 'forced-colors' media features.
+	Many media features enable fingerprinting of users
+	based on the display and interaction characteristics of their device:
+
+	* <a href="#mf-colors">Colors</a>: {{color}}, {{color-index}}, {{monochrome}}, {{color-gamut}} and {{dynamic-range}}
+	* <a href="#mf-viewport-characteristics>Viewport characteristics</a>: {{aspect-ratio}}, {{orientation}},
+	  {{horizontal-viewport-segments}} and
+	  {{vertical-viewport-segments}}
+	* <a href="#mf-display-quality">Display quality</a>: {{resolution}}, {{scan}}, {{grid}}, {{update}} and {{environment-blending}}
+	* <a href="#interaction">Interaction devices</a>: {{pointer}}, {{hover}}, {{any-pointer}} and {{any-hover}}.
+
+	The {{environment-blending}} feature is of particular concern
+	because it suggests <em>where</em> a user may be located,
+	and is likely present in a small set of devices.
+	Uncommon device properties are stronger fingerprinting features
+	because they help segment devices into smaller sets.
+
+	Media features that reflect operating system preferences are a fingerprinting risk
+	because such preferences are correlated with characteristics of the user themselves:
+
+	* The {{prefers-reduced-data}} media feature may be correlated with low income and limited data.
+	* The {{prefers-reduced-motion}}, {{prefers-color-scheme}}, {{prefers-reduced-transparency}},
+	  {{forced-colors}} and {{inverted-colors}} queries reflect affordances for a range of special needs.
+	
+	Properties dependent on one of the above media queries
+	may be accessed by script using several methods:
+
+	* Colors and other property values may be directly accessed through computed style.
+	* Layout affecting properties (such as font size) influence lengths, positions and sizes available to script.
+
+	UAs may disable these media features when users have expressed sensitivity to tracking.
+	Alternatively, UAs may limit the combination of features within a single page
+	to reduce the fingerprinting power of the page.
 
 	The {{PreferenceManager}} object allows querying some user-preference [=media features=]. This
 	is not a privacy leak, as that information is already trivially
@@ -3721,7 +3729,7 @@ Appendix B: Privacy Considerations</h2>
 
 	Issue: this section is <a href="https://github.com/w3c/csswg-drafts/issues?q=is%3Aopen+is%3Aissue+label%3Amediaqueries-5+label%3Asecurity-tracker+">incomplete</a>
 
-	The 'display-mode' media feature allows an origin
+	The {{display-mode}} media feature allows an origin
 	access to aspects of a user’s local computing environment and,
 	particularly when used together with an [=application manifest=] [=manifest/display=] member [[APPMANIFEST]],
 	allows an origin some measure of control over a user agent’s native UI.