On 1/15/2015 9:03 PM, Nicholas Hurley wrote:
> Patrick,
> The predictor may issue DNS requests or start connections (including TLS
> negotiations, if necessary) entirely based on browsing history combined
> with a confidence calculation (the details of which are in the code, but
> intentionally left vague via email because they may change in order to
> improve performance/privacy/some other concern). To be clear, we aren't
> randomly guessing at what to do, and we won't do anything the user hasn't
> intentionally done at least once before.

I did not think you were randomly guessing; I guess I'm not convinced
the browser is able to tell what the user has "intentionally" done.

> Also, I will note that this feature went through privacy review when it
> first landed (details/results at
> https://wiki.mozilla.org/Privacy/Reviews/Necko), and "passed" (if that's
> the right word) with flying colors. This new landing doesn't change any of
> the results of that, it's purely an implementation detail to reduce jank
> and CPU usage caused by the feature.

Thanks for providing this link, it's quite interesting (and I'd suggest
in the future including links to privacy reviews when announcing
features whenever there might be a privacy concern!)

> Beyond that, it's hard to address any perceived "privacy ramifications"
> without knowing people's particular concerns. (As you noted, for the truly
> privacy paranoid among us, the feature is easy to disable via about:config.)

(Call this "paranoid", if you must...) I'm not a huge fan of DNS
requests being sent to sites unnecessarily, even if I've been there
before. It could potentially leak information about browsing habits
(i.e. if I'm online or what sites I'm visiting). (I'm sure the argument
against this is that it's unlikely much private information would be
sent this way unless someone was giving each user a separate sub-domain
with super short TTL, but hey, people do crazy things. Besides, local IPs
don't really seem to change frequently, at least not in the US...so it
probably isn't hard to tell/track if it's me. There are also some
techniques to fingerprint off of TLS negotiation, I'm unsure how far
this gets in that connection, however.) These may or may not be real
concerns, but they're what I immediately thought of when reading your post.
Even if not a large privacy concern, I doubt I'll see a beneficial
tradeoff from reducing my connection times by 100ms. I'm sure other
people will find this super beneficial, however. I'll probably give it a
try before deciding what to do, see if it seems to make a difference.
Thanks for taking the time to respond!
-- Patrick
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform