On Mon, May 19, 2014 at 7:14 PM, Mike Hommey <m...@glandium.org> wrote:
> On Mon, May 19, 2014 at 06:35:49PM -0700, Jonas Sicking wrote:
>> On Mon, May 19, 2014 at 4:10 PM, Rik Cabanier <caban...@gmail.com> wrote:
>> > I don't see why the web platform is special here and we should trust that
>> > authors can do the right thing.
>>
>> I'm fairly sure people have already pointed this out to you. But the
>> reason the web platform is different is that we allow
>> arbitrary application logic to run on the user's device without any
>> user opt-in.
>>
>> I.e. the web is designed such that it is safe for a user to go to any
>> website without having to consider the risks of doing so.
>>
>> This is why we for example don't allow websites to have arbitrary
>> read/write access to the user's filesystem. Something that all the
>> other platforms that you have pointed out do.
>>
>> Those platforms instead rely on users making a security decision
>> before allowing any code to run. This has both advantages (easier to
>> design APIs for those platforms) and disadvantages (malware is pretty
>> prevalent on for example Windows).
>
> As much as I agree the API is not useful, I don't buy this argument
> either. What prevents a web app from just using n workers, where n is a much
> bigger number than what would be returned by the API?

Nothing. The attack I'm trying to prevent is fingerprinting. Allowing
workers to run a large number of workers does not allow
fingerprinting.

/ Jonas
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform