My new blog post might of interest to anyone running websites / developing apps for people in the UK:
-
> Another wrinkle, CSS and especially fonts, can come from other third parties.
The blogpost expressly addresses third party fonts!
That's why I deleted.
-
@neil over here (Germany specifically) third-party hosted fonts have been a regular topic, a few years back a court awarded someone damages for a site using Google Fonts without informing them.
The "adjust based on user preferences" part I would have thought the intent would be something like "you can store the preference (e.g. if the user uses an option on your site to increase font size), and if doing so leads to more stuff being loaded tell them" but it isn't really clear
i'd guess CSS can be used to deduct uniquely fine-grained identifying aspects of one's computing environment, serving as some sort of super-cookie
-
-
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
@neil Just on the bit where you say "CSS based on the user’s settings... zero degree of privacy intrusion: it works solely based on a user’s choice of settings, and it happens entirely locally, on the user’s device" I'd say that's true if both the dark and light CSS has gone to the user and you're doing an @ query. But if you did, say:
<link rel="stylesheet" media="(prefers-color-scheme: dark)" href="dark.css"> then I think there's a dependent remote request. Which is different. -
@neil Just on the bit where you say "CSS based on the user’s settings... zero degree of privacy intrusion: it works solely based on a user’s choice of settings, and it happens entirely locally, on the user’s device" I'd say that's true if both the dark and light CSS has gone to the user and you're doing an @ query. But if you did, say:
<link rel="stylesheet" media="(prefers-color-scheme: dark)" href="dark.css"> then I think there's a dependent remote request. Which is different.@slowe Interesting - I have not seen it done that way before.
I agree that there is a difference there, technically.
I am still sceptical that that is really sufficient to warrant imposing a regulatory obligation and a banner, since it is just giving effect to a user's preference for dark mode?
-
@slowe Interesting - I have not seen it done that way before.
I agree that there is a difference there, technically.
I am still sceptical that that is really sufficient to warrant imposing a regulatory obligation and a banner, since it is just giving effect to a user's preference for dark mode?
@neil Yep. In fact, despite my zealousness about privacy, I think "dark mode" is something the user has choosen to "present" to the world at a system/browser level, in advance, so they've already made that decision before visiting a website. So, although I'm saying different resources get asked for, I think this is based on a choice that already happened.
-
@neil Yep. In fact, despite my zealousness about privacy, I think "dark mode" is something the user has choosen to "present" to the world at a system/browser level, in advance, so they've already made that decision before visiting a website. So, although I'm saying different resources get asked for, I think this is based on a choice that already happened.
@slowe Yes, I think that that is where I come down on this one too.
-
R relay@relay.infosec.exchange shared this topic
