Adding to what Tom said...

1. "Web developers want the ability to observe the performance
characteristics of their applications" - they want to do so, but
*should* they be allowed to do so? The API would give access to deep
performance data that could be used for all sorts of nefarious purposes
(profiling, fingerprinting, probing for vulnerabilities, etc.).

2. What is the permissions model for allowing access? If a browser
supports the API, must it grant access to any arbitrary web app?

3. What about user control over access to the API?

4. The privacy controls are weak. It's not enough to say that
"non-normative documents may be created such as Security and Privacy
considerations for Performance APIs" or that "Each specification should
contain a section detailing any known security or privacy implications
for implementers, Web authors, and end users." Privacy and security
simply MUST be top of mind here.

Peter

On 7/11/18 7:51 AM, Tom Ritter wrote:
> I have a few concerns.
> 
> The Long Task Specification is essentially a way for a website to know if
> you have other tabs open and if they are CPU intensive tasks. That seems in
> pretty fundamental opposition to the Same Origin Policy.
> 
> Device Memory clearly has made an effort to make it 'less fingerprintable'
> by only reporting possible values of 0.25, 0.5, 1, 2, 4, 8 - but there is
> nothing in the spec about omitting it if desired to reduce fingerprinting.
> This is a spec issue though, and not a rechartering one I don't think.
> 
> -tom
> 
> 
> On Wed, Jul 11, 2018 at 12:59 AM, L. David Baron <dba...@dbaron.org> wrote:
> 
>> The W3C is proposing a revised charter for:
>>
>>   Web Performance Working Group
>>   https://www.w3.org/2018/07/webperf-charter
>>   https://lists.w3.org/Archives/Public/public-new-work/2018Jul/0002.html
>>
>> Mozilla has the opportunity to send comments or objections through
>> Friday, August 3.
>>
>> The changes relative to the previous charter are:
>> https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2F2016%2F07%2Fwebperf&doc2=https%3A%2F%2Fwww.w3.org%2F2018%2F07%2Fwebperf-charter
>>
>> Please reply to this thread if you think there's something we should
>> say as part of this charter review, or if you think we should
>> support or oppose it.
>>
>> -David
>>
>> --
>> 𝄞   L. David Baron                         http://dbaron.org/   𝄂
>> 𝄢   Mozilla                          https://www.mozilla.org/   𝄂
>>              Before I built a wall I'd ask to know
>>              What I was walling in or walling out,
>>              And to whom I was like to give offense.
>>                - Robert Frost, Mending Wall (1914)
>>
>> _______________________________________________
>> dev-platform mailing list
>> dev-platform@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-platform
>>
>>
