This document contains answers to the questions that are listed in the Security and Privacy document.
What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
This specification does not expose new information to web sites apart from showing that it is available for use.
Yes. We tried to minimize the number of APIs so we only expose the bare minimum to what is needed to support the feature set. No duplicate or unneeded API were added.
How does this specification deal with personal information or personally-identifiable information or information derived thereof?
No new personal information is exposed by this specification.
No sensitive information is exposed by this specification. Layers are just new surfaces that can be rendered using WebGL or HTML Video. It doesn't expose new hit testing features or sensor data, nor does it require new permissions.
No. This specification builds on top of WebXR for its state management. It doesn't introduce new concepts.
What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin?
No additional information (apart from support for the API) is exposed.
No. No new sensor data is requested for this feature.
What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.
This specification gives access to new WebGL color and depth textures. This isn't any different from how WebGL works today.
No
No
No
None apart of support for this feature (once the user is in immersive mode).
WebXR Layers does not introduce new behavior with respect to first-party or third-party contexts. Please refer to the WebXR spec which deals with this problem.
How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?
It behaves identical.
Yes
No