Self-review of security and privacy questionnaire for 2.0 CR transition #1830

Open
dschuff opened this issue Oct 7, 2024 · 0 comments
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response.

Comments

@dschuff
Member

dschuff commented Oct 7, 2024

Answers to questions to consider from https://www.w3.org/TR/security-privacy-questionnaire/
(organized into paragraph form but with references to each question in parens). https://www.w3.org/TR/fingerprinting-guidance/ and https://www.rfc-editor.org/rfc/rfc6973.html have also been consulted but do not ask specific questions.

WebAssembly provides no access to the surrounding environment other than via the JavaScript API described in the JS API specification. Therefore, WebAssembly cannot collect or expose any information (personal, sensitive or otherwise) to Web sites or other parties beyond what can be collected, exposed or processed with JavaScript (2.1, 2.2, 2.3, 2.4, 2.12). WebAssembly memory has the same lifetime as the objects in the surrounding JavaScript environment and is not persisted or serialized (other than by copying it out to JavaScript and using existing serialization APIs) (2.5). No access is provided to the underlying platform or hardware (2.7, 2.8), or to other devices (2.10), or to the user agent’s native UI (2.11).

WebAssembly is an additional program execution mechanism (2.9), and can be executed wherever JavaScript can be executed (2.13, 2.14). Therefore the threat model (3) is essentially the same as for JavaScript code, and has similar considerations for delivery (e.g. WebAssembly code should be protected in transit from active and passive network attackers) and policy (e.g. some loading mechanisms or execution are restricted via mechanisms such as the same-origin policy or Content Security Policy). Origins cannot downgrade security protections (2.16), and non-fully-active documents are handled the same as with JavaScript (2.17).

There are no known security or privacy impacts of any of the new features introduced in version 2.0. There are no new sources of nondeterminism in execution (which would be the most likely source of active fingerprinting information) and (as mentioned above) no new state or access to the underlying platform.
