w3ctag / privacy-principles

https://w3ctag.github.io/privacy-principles/

Try using the privacy principles to analyze the Environment Integrity API proposal #271

Open jyasskin opened 1 year ago

jyasskin commented 1 year ago

https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md is a proposal to allow users to prove to websites that they're using a trustworthy device. This is somewhat similar to Safari's Private Access Tokens. The explainer speculates about also proving that the user is running a particular user agent, but that's not a definite part of the proposal yet.

An obvious downside of such a system, especially if user agent identity is included, is that sites might require that users use particular "trustworthy" operating systems or user agents in order to browse those sites. To combat that, the explainer suggests that a fraction of devices could refuse to prove their own software stack, even if they technically could do so. Such a "holdback" would be good for users of minority operating systems and browsers, and probably good for the web as a whole. However, it would likely mean that the particular held back users would see more CAPTCHAs or other bot-prevention UI, which would be bad for those users. Is that an example of the UA being disloyal? If so, do we want the Privacy Principles to say that this disloyalty breaches a duty that UAs owe to their users?

domfarolino commented 1 year ago

Per the loyalty definition:

and instead benefits another actor

Who would the other actor be that benefits from the holdback, if not the user?

jyasskin commented 1 year ago

Other users benefit.

domfarolino commented 1 year ago

I see. I guess I considered all "users" to be the same actor here, since the current user may move in and out of the holdback group over long periods of time and become indistinguishable from the rest at some point, and the holdback/extra "processing" exists to help all of them. I could just be holding the terms wrong though!

darobin commented 5 months ago

We are considering moving UA parts out of this document, after the statement. This analysis should be part of it.