w3c · marcoscaceres · Oct 25, 2022 · Oct 12, 2022 · Oct 12, 2022 · Oct 12, 2022
diff --git a/index.html b/index.html
@@ -937,20 +937,29 @@ <h2>
         </p>
       </section>
     </section>
-    <section class="informative">
+    <section>
       <h2>
         Privacy and Security Considerations
       </h2>
-      <section>
-        <h3>
-          Access to aspects of a user's local computing environment
-        </h3>
-        <p>
-          The screen orientation type and angle of the device can be accessed
-          with the API specified in this document, and can be a potential
-          fingerprinting vector.
-        </p>
-      </section>
+      <p>
+        A screen's [=current orientation type|type=] and [=current orientation
+        angle|angle=] is a potential fingerprinting vector. To resist
+        fingerprinting (e.g., in private browsing), user agents MAY:
+      </p>
+      <ol>
+        <li>Restrict the value return by the {{ScreenOrientation/type}}
+        attribute to {{OrientationType/"portrait-primary"}} or
+        {{OrientationType/"landscape-secondary"}} so to match the screen's
+        aspect ratio.
+        </li>
+        <li>Always return `0` for the value of the {{ScreenOrientation/angle}}
+        attribute
+        </li>
+        <li>If the screen orientation changes, not fire the
+        {{ScreenOrientation/onchange}} event to reveal a change to a
+        [=secondary=] orientation.
+        </li>
+      </ol>
     </section>
     <section id="conformance"></section>
     <section id="idl-index" class="appendix"></section>