diff --git a/index.bs b/index.bs
index d0de27f5b..4ef0908f5 100644
--- a/index.bs
+++ b/index.bs
@@ -2234,9 +2234,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
-1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
- user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
- [[#sctn-make-credential-privacy]] for details.
+1. Throw a "{{NotAllowedError}}" {{DOMException}}.
During the above process, the user agent SHOULD show some UI to the user to guide them in the process of selecting and
authorizing an authenticator. When |options|.{{CredentialCreationOptions/mediation}}
is set to {{CredentialMediationRequirement/conditional}}, prominent modal UI should not be shown unless credential creation was previously consented to via means determined by the user agent.
@@ -2683,9 +2681,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Return |constructAssertionAlg| and terminate this algorithm.
-1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
- user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
- [[#sctn-assertion-privacy]] for details.
+1. Throw a "{{NotAllowedError}}" {{DOMException}}.
@@ -8834,8 +8830,8 @@ credential|credentials=] listed by the [=[RP]=] in {{PublicKeyCredentialCreation
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing for
which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
failure response as soon as an excluded [=authenticator=] becomes available. In this case - especially if the excluded
-[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled before the
-timeout and before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
+[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled
+before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
credential|credentials=] listed in the {{PublicKeyCredentialCreationOptions/excludeCredentials}} parameter is available to the user.
The above is not a concern, however, if the user has [=user consent|consented=] to create a new credential before a
@@ -8854,12 +8850,18 @@ key credential|credential=] is listed by the [=[RP]=] in {{PublicKeyCredentialRe
- A named [=public key credential|credential=] is available, but the user does not [=user consent|consent=] to use it.
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing
-for which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
-failure response as soon as the user denies [=user consent|consent=] to proceed with an [=authentication ceremony=]. In this
-case the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
+for which [=public key credential|credentials=] are available.
+For example, one such information leak may happen if the client displays instructions and controls
+for canceling or proceeding with the [=authentication ceremony=]
+only after discovering an [=authenticator=] that [=contains=] a named [=credential=].
+In this case, if the [=[RP]=] is aware of this [=client=] behavior,
+the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
one of the [=public key credential|credentials=] listed in the {{PublicKeyCredentialRequestOptions/allowCredentials}} parameter is
available to the user.
+This concern may be addressed by displaying controls allowing the user to cancel an [=authentication ceremony=] at any time,
+regardless of whether any named [=credentials=] are available.
+
### Privacy Between Operating System Accounts ### {#sctn-os-account-privacy}