- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 6 Jan 2010 12:15:05 +0100
- To: Max Froumentin <maxfro@opera.com>
- Cc: Thomas Roessler <tlr@w3.org>, "public-device-apis@w3.org" <public-device-apis@w3.org>

On 6 Jan 2010, at 11:32, Max Froumentin wrote:

>> - What's our use case for *setting* CPU frequency from a Web
>>   application?
>
> To be able to throttle the CPU, like those applications that allow you
> to select between "conservative", "performance", "power saving" profiles.

But that's typically not a feature of an individual application, and certainly not a feature of an individual Web application. I'm concerned that we're getting seriously confused about abstraction levels here.

>> - CPU load (and detailed power consumption along with it) can be a
>>   data leak. I'd like the spec to be clear that this value will
>>   generally be an average taken over time,
>
> That's up to the implementation to decide I would expect. Or we would have to specify how to sample battery levels, ambient temperature. It's like blurring the picture of a contact in the Contact API, in a way.
>
>> and I'd like the spec to
>> caution against just making this information available.
>
> I'm happy to add whatever text will come out of the Policy work.

Security considerations for individual APIs should be in scope for the specification of that API.

In this case: "The ability to gather detailed information about power consumption and timing of a CPU can lead to leakage of information about data processed by that CPU. Implementations should return average values taken over suitable intervals of time."

... or some such.

Received on Wednesday, 6 January 2010 11:15:08 UTC
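
An added example, not part of the original message or of any specification text: one way an implementation could follow the proposed wording by exposing only the mean CPU load of the last completed interval. The class name, the `intervalMs` parameter and the sample values are assumptions made for illustration.

```javascript
// Added illustration; class and parameter names are hypothetical.
class IntervalAveragedLoad {
  constructor(intervalMs) {
    this.intervalMs = intervalMs;
    this.bucket = null;    // index of the interval currently being filled
    this.sum = 0;
    this.count = 0;
    this.published = null; // mean of the last completed interval
  }

  // Fed by the implementation with each raw sample (load in 0..1).
  record(timestampMs, load) {
    const bucket = Math.floor(timestampMs / this.intervalMs);
    if (this.bucket !== null && bucket < this.bucket) return; // stale sample
    if (this.bucket !== null && bucket > this.bucket) {
      // Interval closed: publish its mean, start a fresh accumulator.
      this.published = this.sum / this.count;
      this.sum = 0;
      this.count = 0;
    }
    this.bucket = bucket;
    this.sum += load;
    this.count += 1;
  }

  // The only value exposed to script: no raw or in-progress data.
  read() {
    return this.published;
  }
}

// Constructed samples: 10 per second for 3 s, idle at 0.1 with a
// 200 ms burst at full load (t = 1400 and 1500 ms).
function demo() {
  const meter = new IntervalAveragedLoad(1000);
  const seen = [];
  for (let t = 0; t < 3000; t += 100) {
    const raw = t === 1400 || t === 1500 ? 1.0 : 0.1;
    meter.record(t, raw);
    seen.push({ t, raw, exposed: meter.read() });
  }
  return seen;
}

console.log(demo().filter((s) => s.t % 500 === 0));
```

A caller polling during the burst still sees the previous interval's mean, and afterwards sees only that the interval as a whole was busier, not when within it the burst occurred.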