w3cping · jyasskin · Mar 17, 2020 · Jan 9, 2020 · Jan 10, 2020 · Mar 9, 2020
diff --git a/index.bs b/index.bs
@@ -247,7 +247,7 @@ usually more significantly than [[#hl-recognition-same-site]].
 
 This occurs if a site can determine with high probability that a visit to that
 site comes from the same user as another visit to a *different* site.  This
-threat is discussed in [[#model-anti-tracking]].
+threat is discussed in [[#model-cross-site-recognition]].
 
 ## Sensitive information disclosure ## {#hl-sensitive-information}
 
@@ -265,6 +265,15 @@ For example:
 * Calendar entries.
 * ...
 
+A particular piece of information may have different sensitivity for different
+users. Language preferences, for example, might typically seem innocent, but
+also can be an indicator of belonging to a minority ethnicity. Precise location
+information can be extremely sensitive (because it's identifying, because it
+allows for in-person intrusions, because it can reveal detailed information
+about a person's life) but it might also be public and not sensitive at all, or
+it might be low-enough granularity that it is much less sensitive for many
+users.
+
 ## Intrusive behavior ## {#hl-intrusion}
 
 See [=intrusion=].
@@ -286,10 +295,65 @@ Contributes to [=misattribution=].
 For example, a site that sends SMS without the user's intent could cause them to
 be blamed for things they didn't intend.
 
+# Threat Model # {#model}
+
+For each of the <a href="#high-level-threats">high-level threats</a>, we
+describe a threat model: a description of what goals attackers with various
+capabilities should or should not be able to achieve. For simple threats, a
+model can be expressed in prose, while complex threat models use a grid to
+express the web platform's target guarantees.
+
+<span style="color:green">✘</span> indicates that the goal should be frustrated,
+while <span style="color:red">✓</span> indicates that the attacker can achieve
+their goal.
+
+Issue: Should we mark goals attackers can currently achieve, which we want to
+remove, differently from goals attackers already can't achieve?
+
 <pre class="include">
-path: model.bsinc
+path: xsite-tracking-model.bsinc
 </pre>
 
+## Sensitive-information ## {#model-sensitive-information}
+
+Attackers should only be able to get access to sensitive information from a
+[=user agent=] if they can convince the user to express their intent that the
+attacker get access to this information at the time the attacker gets access to
+it. User agents vary in how they gather this expression of intent.
+
+That a user intends an attacker to get a piece of information at one time, for
+example their location or their contact book, may be, but is not necessarily
+evidence that the user intends to give out the same piece of information at
+a later time. There is not consensus about how long it's reasonable to infer
+continued intent, but there is consensus that intent doesn't last for years
+without interaction.
+
+This threat model defines a kind of information as <dfn>restricted sensitive
+information</dfn> if we plan to evolve the web platform to block access to it by
+default. Other information is described as "not [=restricted sensitive
+information=]" even if some users in some situations would find it sensitive.
+
+There is consensus that some kinds of information are [=restricted sensitive
+information=]:
+
+* Location
+* Disability status
+* Microphone input
+* Etc.
+
+There is consensus that some other kinds of information are not [=restricted
+sensitive information=]:
+
+* User agent
+* Language
+* A user's <a descriptor for="@media" lt="prefers-reduced-motion">preference for
+    less motion</a>.
+* Etc.
+
+There is not consensus about the sensitivity of all kinds of information:
+
+* TODO: examples?
+
 <pre class="include">
 path: capabilities.bsinc
 </pre>

diff --git a/model.bsinc → xsite-tracking-model.bsinc b/model.bsinc → xsite-tracking-model.bsinc
@@ -1,17 +1,4 @@
-# Threat Model # {#model}
-
-This table summarizes which capabilities should allow attackers to achieve which
-goals and, conversely, which goals should be frustrated for attackers even when
-they have certain capabilities.
-
-<span style="color:green">✘</span> indicates that the goal should be frustrated,
-while <span style="color:red">✓</span> indicates that the attacker can achieve
-their goal.
-
-Issue: Should we mark goals attackers can currently achieve, which we want to
-remove, differently from goals attackers already can't achieve?
-
-## Anti-tracking ## {#model-anti-tracking}
+## Cross-site recognition ## {#model-cross-site-recognition}
 
 <table class="threatmodel">
 <tr class="goals">