Closed
Labels
editorial, privacy-needs-resolution (Issue the Privacy Group has raised and looks for a response on.)
Description
Raising this item as a result of PING's privacy review
The spec states some requirements in a non-normative security and privacy consideration, and we'd like to suggest that these be moved to normative text and that the spec outline methods for implementers to achieve these requirements. Examples of these:
- Preventing the website from learning which apps are installed, or which app the user shared to.
- Limiting information revealed in error messages when share() is rejected.
- A dialog must be presented to the user, from which they can select a share target, even if there's only one target. That dialog is typically OS-level UI, but the need for the browser not to just pass along the share transparently is probably within the scope of the W3C.
- There's also an attack where a URL with an http:// or https:// scheme might redirect to other URLs, and the security and privacy section suggests that share targets could pre-fetch content to make sure that it should be shared. Perhaps some of this work should be pushed into the user agent's responsibilities.
To reiterate, per PING discussion, we'd like to see any requirements stated in the privacy/security section moved into normative text. Suggestions on how the implementer actually accomplishes these requirements could live either in normative or non-normative text.
marcoscaceres