diff --git a/index.bs b/index.bs index 72af3ca..a4eb259 100644 --- a/index.bs +++ b/index.bs @@ -305,6 +305,39 @@ remove, differently from goals attackers already can't achieve? path: xsite-tracking-model.bsinc +## Sensitive-information ## {#model-sensitive-information} + +Attackers can only get access to sensitive information if they can convince the +user to express their intent that the attacker get access to this information at +the time the attacker gets access to it. User agents vary in how they gather +this expression of intent. + +That a user intends an attacker to get a piece of information at one time, for +example their location or their contact book, may be, but is not necessarily +evidence that the user intends to give out the same piece of information at +a later time. There is not consensus about how long it's reasonable to infer +continued intent, but there is consensus that intent doesn't last for years +without interaction. + +There is consensus that some kinds of information are sensitive: + +* Location +* Disability status +* Microphone input +* Etc. + +There is consensus that some other kinds of information are not sensitive: + +* User agent +* Language +* A user's preference for + less motion. +* Etc. + +There is not consensus about the sensitivity of all kinds of information: + +* TODO: examples? +
path: capabilities.bsinc
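Review bot: The "not sensitive" list includes "A user's preference for less motion" while the "sensitive" list includes "Disability status", and the new section does not say why the former cannot reveal the latter. Either add a sentence of rationale or move that bullet under the "not consensus" list, which currently holds only "TODO: examples?" and should not land as a bare TODO. The "Etc." bullets in both consensus lists make the consensus claim open-ended; dropping them or calling the lists non-exhaustive in the lead-in sentence would be clearer. The bullet "User agent" is ambiguous, because the first paragraph uses "User agents" to mean the browser itself ("User agents vary in how they gather this expression of intent"); name the piece of information that is meant. Two style points: in "may be, but is not necessarily evidence" the parenthetical needs a closing comma after "necessarily", and the heading "Sensitive-information" reads better without the hyphen (the anchor `model-sensitive-information` can stay).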