Add info to 9.1 & change link

Addresses #398
w3ctag · Jan 25, 2024 · 4e1f941 · 4e1f941
1 parent c8a5914
commit 4e1f941
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/index.bs b/index.bs
@@ -2397,7 +2397,6 @@ This section contains principles for consideration when designing APIs for devic
 
 <h3 id="device-ids">Use care when exposing identifying information about devices</h3>
 
-
 If you need to give web sites access to information about a device,
 use the guidelines below to decide what information to expose.
 
@@ -2411,15 +2410,16 @@ additional information about a device,
 or device identifiers,
 each increase the risk of harming the user's privacy.
 
-One risk is that as more specific information is shared,
+The web app should not be able to distinguish between: the user rejecting
+permission to use a sensor/capability; and that sensor/capability not being present.
+
+Another risk is that as more specific information is shared,
 the set of
 [fingerprinting data](https://www.w3.org/TR/fingerprinting-guidance/)
 available to sites gets larger.
-There are also [other potential risks](https://w3cping.github.io/privacy-threat-model/)
+There are also [other potential risks]([[PRIVACY-PRINCIPLES#threats]])
 to user privacy.
 
-Issue: Privacy Threat Model is not ready for prime time.
-
 If there is no way to design a less powerful API,
 use these guidelines when exposing device information: