From 6af326e1a4e3b9617228021d1da08b63dbe08c0a Mon Sep 17 00:00:00 2001
From: Sanket Joshi <sajos@microsoft.com>
Date: Fri, 22 Dec 2023 16:11:54 -0800
Subject: [PATCH] Add completed self-review.

---
 ...tag-security-privacy-writingsuggestions.md | 97 +++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 WritingSuggestions/tag-security-privacy-writingsuggestions.md

diff --git a/WritingSuggestions/tag-security-privacy-writingsuggestions.md b/WritingSuggestions/tag-security-privacy-writingsuggestions.md
new file mode 100644
index 00000000..46aa0bed
--- /dev/null
+++ b/WritingSuggestions/tag-security-privacy-writingsuggestions.md
@@ -0,0 +1,97 @@
+### Questions from https://www.w3.org/TR/security-privacy-questionnaire/
+
+## 2. Questions to Consider
+
+### 2.1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
+
+None.
+
+### 2.2. Do features in your specification expose the minimum amount of information necessary to enable their intended uses?
+
+Yes.
+
+### 2.3. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?
+
+No PII or any information derived from them is exposed via this API.
+
+### 2.4. How do the features in your specification deal with sensitive information?
+
+This feature doesn't deal with any sensitive information.
+
+### 2.5. Do the features in your specification introduce new state for an origin that persists across browsing sessions?
+
+No.
+
+### 2.6. Do the features in your specification expose information about the underlying platform to origins?
+
+No.
+
+### 2.7. Does this specification allow an origin to send data to the underlying platform?
+
+No.
+
+### 2.8. Do features in this specification enable access to device sensors?
+
+No.
+
+### 2.9. Do features in this specification enable new script execution/loading mechanisms?
+
+No.
+
+### 2.10. Do features in this specification allow an origin to access other devices?
+
+No.
+
+### 2.11. Do features in this specification allow an origin some measure of control over a user agent’s native UI?
+
+No.
+
+### 2.12. What temporary identifiers do the features in this specification create or expose to the web?
+
+None.
+
+### 2.13. How does this specification distinguish between behavior in first-party and third-party contexts?
+
+This feature does not have behavioral differences between first and third party contexts.
+
+### 2.14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
+
+No differences in private browsing or incognito mode.
+
+### 2.15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
+
+N/A
+
+### 2.16. Do features in your specification enable origins to downgrade default security protections?
+
+No.
+
+### 2.17. How does your feature handle non-"fully active" documents?
+
+No differences in behavior between active and non-active documents.
+
+### 2.18. What should this questionnaire have asked?
+
+N/A
+
+## 3. Threat Models
+
+### 3.1. Passive Network Attackers
+
+No threat.
+
+### 3.2. Active Network Attackers
+
+No threat.
+
+### 3.3. Same-Origin Policy Violations
+
+No threat.
+
+### 3.4. Third-Party Tracking
+
+No threat.
+
+### 3.5. Legitimate Misuse
+
+No threat.