Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a sensitive information threat model #12

Merged
merged 6 commits into from
Mar 17, 2020
Merged

Add a sensitive information threat model #12

merged 6 commits into from
Mar 17, 2020

Conversation

jyasskin
Copy link
Member

@jyasskin jyasskin commented Jan 10, 2020
edited by pr-preview bot
Loading

Does this look like a reasonable way to express the threat model for sensitive information? Attackers don't seem to have varying capabilities for this high-level threat, and their only goal is to get the piece of information. I think the variance and disagreement between user agents comes in the choice of how to infer user intent and the choice of what information is sensitive.

Preview | Diff

jyasskin
jyasskin commented Jan 10, 2020
View reviewed changes
index.bs Show resolved Hide resolved
@jyasskin jyasskin force-pushed the sensitive-info-threat-model branch 2 times, most recently from 2eba6d2 to b2f3367 Compare January 16, 2020 23:27
@jyasskin jyasskin requested a review from npdoty February 7, 2020 19:14
npdoty
npdoty requested changes Mar 9, 2020
View reviewed changes
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
@jyasskin jyasskin force-pushed the sensitive-info-threat-model branch from b2f3367 to c4c99d3 Compare March 9, 2020 23:15
@jyasskin jyasskin force-pushed the sensitive-info-threat-model branch from c4c99d3 to 542cfcc Compare March 9, 2020 23:59
@jyasskin jyasskin force-pushed the sensitive-info-threat-model branch from af69f64 to e010f53 Compare March 17, 2020 21:30
npdoty
npdoty reviewed Mar 17, 2020
View reviewed changes
index.bs Outdated Show resolved Hide resolved
@npdoty
Copy link
Member

npdoty commented Mar 17, 2020

Should the definitions of restricted/not restricted explain in more detail what that means and why they're restricted? Possible text:

This threat model defines a kind of information as restricted sensitive information if the web platform currently blocks access to it by default or if we plan to evolve the web platform to block access to it by default because of the potential privacy harms from disclosure of that kind of information.

Other information is described as "not restricted sensitive information" even if some users in some situations would find it sensitive. Information in this category may have a lower risk of privacy harm to users or may not currently be restricted because of incompatibility with functionality of the Web. These categories are not static and it may become feasible to block access by default to more kinds of information as the platform develops.

npdoty
npdoty reviewed Mar 17, 2020
View reviewed changes
index.bs Show resolved Hide resolved
@jyasskin jyasskin mentioned this pull request Mar 17, 2020
Open
jyasskin
jyasskin commented Mar 17, 2020
View reviewed changes
Copy link
Member Author

@jyasskin jyasskin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the definitions of restricted/not restricted explain in more detail what that means and why they're restricted?

Great text; I've taken it.

index.bs Outdated Show resolved Hide resolved
index.bs Show resolved Hide resolved
@npdoty
Copy link
Member

npdoty commented Mar 17, 2020

Looks good to me; great that we've marked some of the open issues so that it'll be clear the ongoing work we'll need on this kind of threat.

@jyasskin jyasskin changed the title Sensitive info threat model Add a sensitive information threat model Mar 17, 2020
@jyasskin jyasskin merged commit 88e17e1 into w3cping:main Mar 17, 2020
@jyasskin jyasskin deleted the sensitive-info-threat-model branch March 17, 2020 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npdoty npdoty npdoty requested changes

@dominickng dominickng dominickng left review comments

@engedy engedy engedy left review comments

@tildelowengrimm tildelowengrimm Awaiting requested review from tildelowengrimm

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jyasskin @npdoty @dominickng @engedy