This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

Sensitive info: describe local attackers, confused users, and mitigations #19

Open

jyasskin opened this issue Mar 17, 2020 · 0 comments

Member

jyasskin commented Mar 17, 2020

From #12 (comment), the sensitive information threat model needs to include:

Abusers who temporarily get access to a user's device,
Users who got confused by a permission prompt,
Users who change their minds after granting permission,

and we should describe some mitigations browsers can use.

npdoty mentioned this issue

Add a sensitive information threat model #12

Merged

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.