From ca28123a69c331cf45df486ead92e979c734f3b6 Mon Sep 17 00:00:00 2001
From: "Patrick H. Lauke" <redux@splintered.co.uk>
Date: Wed, 18 Dec 2024 12:54:11 +0000
Subject: [PATCH 1/5] Proposed security/privacy addition for precision

Closes https://github.com/w3c/pointerevents/issues/517
---
 index.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/index.html b/index.html
index e78b6f3..45a0d17 100644
--- a/index.html
+++ b/index.html
@@ -1496,6 +1496,12 @@ <h1>Security and privacy considerations</h1>
         <p>Pointer events contain additional information (where supported by the user's device), such as the angle or tilt at which a pen input is held, the geometry of the contact surface, and the pressure exerted on the stylus or touch screen. Information about angle, tilt, geometry and pressure are directly related to sensors on the user's device, meaning that this specification allows an origin access to these sensors.</p>
         <p>This sensor data, as well as the ability to determine the type of input mechanism (mouse, touch, pen) used, may be used to infer characteristics of a user, or of the user's device and environment. These inferred characteristics and any device/environment information may themselves be sensitive — for instance, they may allow a malicious site to further infer if a user is using assistive technologies. This information can also be potentially used for the purposes of building a user profile and/or attempting to "fingerprint" and track a particular user.</p>
         <p>As mitigation, user agents may consider including the ability for users to disable access to particular sensor data (such as angle, tilt, pressure), and/or to make it available only after an explicit opt-in from the user.</p>
+        <p>Factory calibration information for sensors may be used to fingerprint individual devices, based on specific fluctuations and characteristics of sensor data. While this specification defines many of the sensor-related event attributes with <code>float</code> and <code>double</code> precision, we recommend that implementations limit the sensor data they expose to a practically useful precision:</p>
+        <ul>
+            <li>For sizes and coordinates, the minimum precision should be precise enough to differentiate physical pixels of the current device's screen</li>
+            <li>For pressures and other analog values, the minimum precision should allow for at least 256 distinct values, to avoid significant banding or perceivable stepped jumps in values</li>
+            <li>For angles, the minimum precision should at least be 1 degree</li>
+        </ul>
         <p>This specification defines the method by which authors can access "predicted events". The specification does not, itself, define the algorithms that user agents should use for their prediction. The specification authors envisage the algorithms to only rely on preceding pointer events related to the current gesture that a user is performing. It is the responsibility of user agents to ensure that their specific implementation of a prediction algorithm does not rely on any additional data - such as the user's full interaction history across different sites - that could reveal sensitive information about a user or be used to "fingerprint" and track them.</p>
         <p>Beyond these considerations, the working group believes that this specification:</p>
         <ul>

From 6b4325a75c84aa51728bbfe98646c7d592dd0a0f Mon Sep 17 00:00:00 2001
From: "Patrick H. Lauke" <redux@splintered.co.uk>
Date: Wed, 18 Dec 2024 16:22:36 +0000
Subject: [PATCH 2/5] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 45a0d17..1205e12 100644
--- a/index.html
+++ b/index.html
@@ -1498,7 +1498,7 @@ <h1>Security and privacy considerations</h1>
         <p>As mitigation, user agents may consider including the ability for users to disable access to particular sensor data (such as angle, tilt, pressure), and/or to make it available only after an explicit opt-in from the user.</p>
         <p>Factory calibration information for sensors may be used to fingerprint individual devices, based on specific fluctuations and characteristics of sensor data. While this specification defines many of the sensor-related event attributes with <code>float</code> and <code>double</code> precision, we recommend that implementations limit the sensor data they expose to a practically useful precision:</p>
         <ul>
-            <li>For sizes and coordinates, the minimum precision should be precise enough to differentiate physical pixels of the current device's screen</li>
+            <li>For sizes and coordinates, the values should be no more precise than 1/10th of a discrete physical pixel of the current device's screen</li>
             <li>For pressures and other analog values, the minimum precision should allow for at least 256 distinct values, to avoid significant banding or perceivable stepped jumps in values</li>
             <li>For angles, the minimum precision should at least be 1 degree</li>
         </ul>

From e185d17883ebfebd42c7e8d3a7bf6b834c0eed74 Mon Sep 17 00:00:00 2001
From: "Patrick H. Lauke" <redux@splintered.co.uk>
Date: Wed, 18 Dec 2024 16:27:10 +0000
Subject: [PATCH 3/5] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 1205e12..50451b5 100644
--- a/index.html
+++ b/index.html
@@ -1499,7 +1499,7 @@ <h1>Security and privacy considerations</h1>
         <p>Factory calibration information for sensors may be used to fingerprint individual devices, based on specific fluctuations and characteristics of sensor data. While this specification defines many of the sensor-related event attributes with <code>float</code> and <code>double</code> precision, we recommend that implementations limit the sensor data they expose to a practically useful precision:</p>
         <ul>
             <li>For sizes and coordinates, the values should be no more precise than 1/10th of a discrete physical pixel of the current device's screen</li>
-            <li>For pressures and other analog values, the minimum precision should allow for at least 256 distinct values, to avoid significant banding or perceivable stepped jumps in values</li>
+            <li>For pressures and other analog attributes, these should allow for a maximum of 256 distinct values</li>
             <li>For angles, the minimum precision should at least be 1 degree</li>
         </ul>
         <p>This specification defines the method by which authors can access "predicted events". The specification does not, itself, define the algorithms that user agents should use for their prediction. The specification authors envisage the algorithms to only rely on preceding pointer events related to the current gesture that a user is performing. It is the responsibility of user agents to ensure that their specific implementation of a prediction algorithm does not rely on any additional data - such as the user's full interaction history across different sites - that could reveal sensitive information about a user or be used to "fingerprint" and track them.</p>

From 108fa2bd7005183f1d14e047a43c73cec99e7426 Mon Sep 17 00:00:00 2001
From: "Patrick H. Lauke" <redux@splintered.co.uk>
Date: Wed, 18 Dec 2024 16:29:49 +0000
Subject: [PATCH 4/5] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 50451b5..37d0275 100644
--- a/index.html
+++ b/index.html
@@ -1500,7 +1500,7 @@ <h1>Security and privacy considerations</h1>
         <ul>
             <li>For sizes and coordinates, the values should be no more precise than 1/10th of a discrete physical pixel of the current device's screen</li>
             <li>For pressures and other analog attributes, these should allow for a maximum of 256 distinct values</li>
-            <li>For angles, the minimum precision should at least be 1 degree</li>
+            <li>For angles, the precision should be no more than <code>0.1</code> degrees</li>
         </ul>
         <p>This specification defines the method by which authors can access "predicted events". The specification does not, itself, define the algorithms that user agents should use for their prediction. The specification authors envisage the algorithms to only rely on preceding pointer events related to the current gesture that a user is performing. It is the responsibility of user agents to ensure that their specific implementation of a prediction algorithm does not rely on any additional data - such as the user's full interaction history across different sites - that could reveal sensitive information about a user or be used to "fingerprint" and track them.</p>
         <p>Beyond these considerations, the working group believes that this specification:</p>

From 0b7fdbebd5ce1d4a90ece0edfbcf3769545588d4 Mon Sep 17 00:00:00 2001
From: "Patrick H. Lauke" <redux@splintered.co.uk>
Date: Wed, 18 Dec 2024 16:30:36 +0000
Subject: [PATCH 5/5] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 37d0275..56eeed8 100644
--- a/index.html
+++ b/index.html
@@ -1499,7 +1499,7 @@ <h1>Security and privacy considerations</h1>
         <p>Factory calibration information for sensors may be used to fingerprint individual devices, based on specific fluctuations and characteristics of sensor data. While this specification defines many of the sensor-related event attributes with <code>float</code> and <code>double</code> precision, we recommend that implementations limit the sensor data they expose to a practically useful precision:</p>
         <ul>
             <li>For sizes and coordinates, the values should be no more precise than 1/10th of a discrete physical pixel of the current device's screen</li>
-            <li>For pressures and other analog attributes, these should allow for a maximum of 256 distinct values</li>
+            <li>For pressure attributes, these should allow for a maximum of 256 distinct values</li>
             <li>For angles, the precision should be no more than <code>0.1</code> degrees</li>
         </ul>
         <p>This specification defines the method by which authors can access "predicted events". The specification does not, itself, define the algorithms that user agents should use for their prediction. The specification authors envisage the algorithms to only rely on preceding pointer events related to the current gesture that a user is performing. It is the responsibility of user agents to ensure that their specific implementation of a prediction algorithm does not rely on any additional data - such as the user's full interaction history across different sites - that could reveal sensitive information about a user or be used to "fingerprint" and track them.</p>