Fingerprinting risk: users that configure their device to not permit screen locking

Reviewer from Privacy WG here 👋

When [applying an orientation lock](https://www.w3.org/TR/screen-orientation/#applying-an-orientation-lock) in step 5.4, "if the attempt fails due to previously-established user preference, or platform limitation, or any other reason: [...] [reject and nullify the current lock promise](https://www.w3.org/TR/screen-orientation/#dfn-reject-and-nullify-the-current-lock-promise) of document with a "[NotSupportedError](https://webidl.spec.whatwg.org/#notsupportederror)".". This leaves the user configuration potentially fingerprintble. This may be the correct behavior, but it would be nice to include a fingerprinting risk in the note associated with the step.

It also may be mitigated significantly by making the suggestion in Section 9 mandatory behavior: "A user agent SHOULD restrict the use of [lock](https://www.w3.org/TR/screen-orientation/#dom-screenorientation-lock)() to simple fullscreen documents as a [pre-lock condition](https://www.w3.org/TR/screen-orientation/#dfn-pre-lock-conditions). [[fullscreen](https://www.w3.org/TR/screen-orientation/#bib-fullscreen)]". Does anything prevent this from being MUST?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Fingerprinting risk: users that configure their device to not permit screen locking #260

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Fingerprinting risk: users that configure their device to not permit screen locking #260

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions