Define privacy-preserving rendering#12554
Conversation
| <code>video</code> element, as defined by the relevant rendering rules; for WebVTT, those are the | ||
| <span>rules for updating the display of WebVTT text tracks</span>. <ref>WEBVTT</ref></p> | ||
|
|
||
| <p>In <span>privacy-preserving rendering</span>, subtitles and captions are <span>expected</span> |
There was a problem hiding this comment.
"During" instead of "In" seems more natural. What do you think?
There was a problem hiding this comment.
I agree that's better, I'll change it.
| <span>rules for updating the display of WebVTT text tracks</span>. <ref>WEBVTT</ref></p> | ||
|
|
||
| <p>In <span>privacy-preserving rendering</span>, subtitles and captions are <span>expected</span> | ||
| to be rendered with default appearance that ignores any user preferences.</p> |
There was a problem hiding this comment.
I think this means the website ends up violating the law in certain jurisdictions, we might want to have a warning here or alongside the eventual feature that uses this. Or maybe we should not support media elements given that we cannot make them accessible?
There was a problem hiding this comment.
The other option would be to respect the user settings and say that it's better on balance to leak these settings than for video to be impossible with HTML-in-Canvas. What's your preference?
There was a problem hiding this comment.
We cannot leak these settings. They would allow for unique fingerprints in many cases of an already vulnerable population.
| information that isn't otherwise observable to author code are omitted or replaced with safe | ||
| defaults. The detailed requirements are in the relevant sections above.</p> | ||
|
|
||
| <p>In <span>privacy-preserving rendering</span>, the user agent is expected to:</p> |
There was a problem hiding this comment.
I don't think we want to say "expected" here again. Maybe just drop this paragraph?
|
What's the motivation behind privacy-preserving rendering of subtitles and captions not taking into account user preferences? As I understand it, WebVTT rendering done by the UA or OS is already supposed to be privacy-preserving, and the current design choice is that there are no Web APIs for querying user preferences or for extracting styling choices from the rendered captions. It seems odd that privacy-preservation should have a negative impact on accessibility settings that aren't exposed to pages. (aside: I actually don't think the argument for prohibiting Web APIs for accessing user settings holds up any more, but that's a whole different discussion) |
|
This is a rendering mode that allows for arbitrary read back. Maybe instead of calling it privacy-preserving we should call it "read-back rendering mode". |
|
That would be a lot clearer, yes, seems like I got a whole different impression from the name alone. Not sure if this PR is the right place for the discussion (please point me to the right place: there's no linked issue), but since I'm here: Is this related to test drivers/engines? I'd expect test engines, when inspecting rendering results, to be able to choose whether to use this "read-back rendering mode" or to be able to read back the result rendered with a provided context of specific user settings. |
3 participants
(See WHATWG Working Mode: Changes for more details.)
/index.html ( diff )
/rendering.html ( diff )