On Fri, Mar 15, 2019 at 11:35 AM Tom Ritter <t...@mozilla.com> wrote:
> Thanks for more details on the use case. > > On Wed, Mar 6, 2019 at 1:35 AM <d...@mozilla.com> wrote: > > > > On Monday, February 25, 2019 at 4:17:29 PM UTC-8, Martin Thomson wrote: > > > To add to Dan's comments here... > > > > > > Assuming that I'm reading this correctly [1], the fingerprinting risks > are > > > pretty extreme here. In the touch spec, we have a monotonically > increasing > > > counter that doesn't appear to be origin-bound in any way. What is the > > > purpose of this identifier? In the light spec, we have full RGB > control > > > over the light. Does the light change back to a default state when the > > > origin is no longer the primary input focus? > > > > > > Implementing specs of a private GitHub account is fine for the > purposes of > > > getting feedback, but I think that we want a clearer signal that this > is an > > > accepted approach before we ship something like this. When you > consider > > > the potential for security and privacy implications, this is > particularly > > > important. > > > > > > > > > > Hi Martin, > > > > Sorry for reply late. > > We will restrict theses APIs to secure contexts to help it be more > secure. Regarding to the touchId, the reason we wanna make it monotonically > increasing is order to recognize if fingers have been released after the > last touch. Let me give you two examples. > > > > Example 1: Let’s say touchId is currently set to 0 and no fingers are > touching the touchpad. When a finger touches the touchpad, touchId of this > event would be 1. As that finger moves around the touchpad, new touch > events are added with updated coordinates, however, the touchId is still 1 > to denote that the finger has not been lifted from the touchpad. If the > finger is released and touches again, the touchId would then be 2. > > > > Example 2: In the case of multi touch, the first finger that touches the > touchpad would have a touchId of 1. The next finger that touches the > touchpad before the first finger is released would have a touchId of 2. If > the first touch finger is released and touches again, that touchId would be > 3. This way, the application can distinguish between different touches > that have or haven’t been removed from the touchpad. > > > In this situation, it seems like the actual value of the field doesn't > matter, only that it is increasing relative to the last value. So it > should be possible to have separate values based on the origin. > I assume you mean the origin of the top-level page here. As far as I can tell from the current spec, we can implement this restriction based on the current spec but since we are the first engine to ship this it seems prudent to change the spec as well in order to ensure all future implementations would implement this in a privacy-preserving manner. > Not doing so creates a cross-origin tracking and fingerprinting vector. > > > > In terms of lightColor, we would give the default color to [0, 0, 0] if > there is no one set it yet or when it is just plugged in. Then, the > application is allowed to set the controller's lightbar color whenever they > want. I have reached the author and ask him add this description into his > proposal. > > It appears that one can set but cannot read the lightColor, so that's good. > > GamepadPose gives me a lot of concern as well. If I have a gamepad > resting on my desk, I don't want every website to get a persistent > identifier about me because of the pose it's resting in. I think/hope > that there's something in the main gamepad spec where you can't > enumerate gamepads until the user has interacted with them, but I > don't recall for sure. > There is: https://w3c.github.io/gamepad/#dom-navigator-getgamepads. But note that with resist fingerprinting mode we always return an empty array from navigator.getGamepads(). > I am very opposed to shipping this spec without addressing these concerns. > > -tom > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > Thanks, -- Ehsan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
