To add to Dan's comments here... Assuming that I'm reading this correctly [1], the fingerprinting risks are pretty extreme here. In the touch spec, we have a monotonically increasing counter that doesn't appear to be origin-bound in any way. What is the purpose of this identifier? In the light spec, we have full RGB control over the light. Does the light change back to a default state when the origin is no longer the primary input focus?
Implementing specs of a private GitHub account is fine for the purposes of getting feedback, but I think that we want a clearer signal that this is an accepted approach before we ship something like this. When you consider the potential for security and privacy implications, this is particularly important. On Tue, Feb 26, 2019 at 11:08 AM Daosheng Mu <d...@mozilla.com> wrote: > Hi Daniel, > > We didn't have a chance to discuss privacy issues in Gamepad Extension or > Gamepad API. We were trying to get responses for the Privacy review [1] but > without any updates yet. > > Cheers, > > [1] > https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0030.html > > -- > Daosheng Mu > Software Engineer | Mozilla > d...@mozilla.com > > > On Mon, Feb 25, 2019 at 2:47 PM Daniel Veditz <dved...@mozilla.com> wrote: > > > Neither of the words "security" or "privacy" appear in this spec (most w3 > > web specs have at least a token attempt at a "Privacy and Security > > Considerations" section). At a surface glance this appears to add > > additional fingerprinting exposure. Have you talked to the privacy team > > about ways to minimize this? > > > > -Dan Veditz > > > > On Mon, Feb 25, 2019 at 11:45 AM Daosheng Mu <d...@mozilla.com> wrote: > > > >> Summary: > >> In order to support controllers which have multi touch and light bar > >> features like Sony DualShock 4. The `*multi touch*` and `*light > >> indicator*` > >> APIs for gamepad extensions are the things we must have. In > >> `*GamepadTouch*` > >> API, it would make us know touch surface's dimension and its unique id. > We > >> also will have a way to know where is the place we are touching > according > >> to its position and the unique id. Regarding to > `*GamepadLightIndicator*`, > >> it could tell users the color of controller's light bar. The color is a > >> 8-bit size integer for defining `*red*`, `*green*`, `*blue*`, or other > >> colors to indicate the on-off light indicator is ON. > >> > >> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1523350 > >> > >> Link to standard: > >> W3C Multi touch spec proposal: > >> https://github.com/knyg/gamepad/blob/multitouch/extensions.html > >> W3C Light indicator spec proposal: > >> https://github.com/knyg/gamepad/blob/lightindicator/extensions.html > >> > >> Platform coverage: Windows, Mac OS, Linux > >> > >> Estimated or target release: Firefox 68 > >> > >> Preference behind which this will be implemented: > >> "dom.gamepad.extensions.multitouch" and > >> "dom.gamepad.extensions.lightindicator" > >> > >> Do other browser engines implement this? Nope > >> > >> web-platform-tests: none exist (and I don't plan to write WPTs but we do > >> have gamepad mochitest, I will add new tests to cover these two new > APIs.) > >> > >> Is this feature restricted to secure contexts? Nope > >> > >> How stable is the spec? This is a proposal from a vendor, I suppose it > >> would be some minor adjustments coming when other developers start to > >> implement it. I would suggest to make it pref'd off by default until > this > >> proposal be merged to w3c's branch. > >> > >> > >> -- > >> Daosheng Mu > >> Software Engineer | Mozilla > >> d...@mozilla.com > >> _______________________________________________ > >> dev-platform mailing list > >> dev-platform@lists.mozilla.org > >> https://lists.mozilla.org/listinfo/dev-platform > >> > > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
