From 99bbbfbb7a94be3f8a82c272bb76c975522eb2e5 Mon Sep 17 00:00:00 2001
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Thu, 15 Sep 2022 15:38:28 -0700
Subject: [PATCH 1/2] Wire up a way for users to disable particular kinds of
 reporting.

---
 index.src.html | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/index.src.html b/index.src.html
index f0fc84b..ee4cd56 100644
--- a/index.src.html
+++ b/index.src.html
@@ -289,6 +289,13 @@ <h4 id="concept-reports">Reports</h4>
   counter, which is a non-negative integer representing the number of times the
   user agent attempted to deliver the report.
 
+  <h4 id="concept-configuration">User configuration</h4>
+
+  Reporting may be <dfn for="reporting">disabled</dfn> for particular [=report
+  types=], potentially on particular [=origins=]. The specification does not
+  define how [=/user agents=] determine whether their users prefer to disable
+  reporting.
+
   <h3 id="media-type">Media Type</h3>
 
   The media type used when POSTing reports to a specified endpoint is
@@ -493,6 +500,9 @@ <h4 id="generate-report" export algorithm>Generate report of |type| with
 
   1.  Let |settings| be |context|'s [=relevant settings object=].
 
+  1.  If reporting is [=reporting/disabled=] for |type| and |settings|'
+      [=environment settings object/origin=], return.
+
   2.  Let |report| be the result of running [=generate a report=] with |data|,
       |type|, |destination| and |settings|.
 
@@ -1086,8 +1096,8 @@ <h3 id="disable">Disabling Reporting</h3>
   Sending reports costs bandwidth, and potentially could reveal some small
   amount of additional information above and beyond what a website can obtain
   in-band ([[NETWORK-ERROR-LOGGING]], for instance). User agents MUST allow
-  users to disable reporting with some reasonable amount of granularity in order
-  to maintain the priority of constituencies espoused in
+  users to [=reporting/disabled|disable reporting=] with some reasonable amount
+  of granularity in order to maintain the priority of constituencies espoused in
   [[HTML-DESIGN-PRINCIPLES]].
 </section>
 

From fdf7f704d5fda41b1f674a9f0f93625e8be1e62a Mon Sep 17 00:00:00 2001
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Fri, 16 Sep 2022 15:11:53 -0700
Subject: [PATCH 2/2] Note that disabled reports are a tracking vector.

---
 index.src.html | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/index.src.html b/index.src.html
index ee4cd56..9f6be17 100644
--- a/index.src.html
+++ b/index.src.html
@@ -296,6 +296,10 @@ <h4 id="concept-configuration">User configuration</h4>
   define how [=/user agents=] determine whether their users prefer to disable
   reporting.
 
+  <p tracking-vector>Changing the default for a [=report type=] across all
+  origins is a [=tracking vector=] because a site can detect that an expected
+  report isn't sent.
+
   <h3 id="media-type">Media Type</h3>
 
   The media type used when POSTing reports to a specified endpoint is
@@ -1099,6 +1103,11 @@ <h3 id="disable">Disabling Reporting</h3>
   users to [=reporting/disabled|disable reporting=] with some reasonable amount
   of granularity in order to maintain the priority of constituencies espoused in
   [[HTML-DESIGN-PRINCIPLES]].
+
+  To reduce the amount that this configuration is a [=tracking vector=], the
+  user agent would need to make it difficult to detect whether it sends an
+  expected report, perhaps by spreading out reports over a wider time or by
+  omitting some reports even if that type of reporting is enabled.
 </section>
 
 <!-- Big Text: IANA -->