- From: Dean Jackson <dino@apple.com>
- Date: Thu, 08 Aug 2019 06:03:02 +1000
- To: Doug Moen <doug@moens.org>
- Cc: public-gpu@w3.org
> On 7 Aug 2019, at 14:05, Doug Moen <doug@moens.org> wrote: > > > > On Tue, Aug 6, 2019, at 10:35 PM, Myles C. Maxfield wrote: >> We’ve heard this defeatist argument before and entirely disagree with it. > > My point is that security designs by non-experts have a poor track record. > I think fingerprinting security for WebGPU should be designed by a web browser fingerprinting security expert We agree. This *is* advice from our Web Browser fingerprinting security experts. It's not a secret that there are low-level techniques to identify hardware, and thus users. Their existence does not mean it is acceptable to provide high-level ways to identify hardware/users. To give an analogy (that will probably cause more distraction than help, but whatever).... just because someone can throw a brick through your window doesn't mean you should leave your front door unlocked. Maybe some day you'll get brick-proof windows. Dean > , and I also think that you are trying to fix the problem at the wrong level of abstraction. The security should be provided at a level above the WebGPU API.
Received on Wednesday, 7 August 2019 20:04:02 UTC