canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Privacy/Reviews/TogetherJS: Difference between revisions
→User Data Risk Minimization
| Line 113: | Line 113: | ||
''Requirement:'' Users should be warned against disclosing sensitive information. | ''Requirement:'' Users should be warned against disclosing sensitive information. | ||
{{ResolutionBox|{{new|}}}} | {{ResolutionBox|{{new|Warning Message [https://github.com/mozilla/togetherjs/issues/848 Github Issue 848]}}}} | ||
{{ResolutionBox|{{new|User Impersonation [https://github.com/mozilla/togetherjs/issues/840 Github Issue 840]}}}} | |||
=== Data Leakage === | |||
''Risk:'' Form fields are visible to all members of a session. | |||
''Requirement:'' Ability for sites to disable fields or sets of fields | |||
{{ResolutionBox|{{new|Include setting to turn off form synchronization for a field or set of fields [https://github.com/mozilla/togetherjs/issues/841 Github Issue 841]}}}} | |||
=== Spoofing === | |||
''Risk:'' It is possible to direct a user to an offsite url that could be crafted to resemble the original URL. | |||
''Requirement:'' This should not be allowed or at the very least a warning should appear when changing sites. | |||
{{ResolutionBox|{{new|Disallow navigation offsite via "person X went to URL" See: [https://github.com/mozilla/togetherjs/issues/847 Github Issue 847].}}}} | |||
= Alignment with Privacy Operating Principles = | = Alignment with Privacy Operating Principles = | ||