W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [Bug 9823] New: Add "maxExecutionContexts" property with number of hardware execution contexts

From: Mark Seaborn <mseaborn@chromium.org>
Date: Thu, 10 Jun 2010 11:10:42 -0700
Message-ID: <AANLkTikf9QqAX8tnBsHxFvePE3kGCunjIghFsgVEGpOp@mail.gmail.com>
To: public-webapps@w3.org
Cc: Jonas Sicking <jonas@sicking.cc>
On Thu, Jun 10, 2010 at 10:04 AM, Jonas Sicking <jonas@sicking.cc> wrote:

> For what it's worth, it's unlikely that we at mozilla will implement
> this anytime soon, if at all. We're currently working on trying to
> reduce the ability to fingerprint [1] and this would be a step in the
> wrong direction for us. This is based on discussions with security
> folks here, so it's possible that others at mozilla has different
> opinions, but I still think it's unlikely that this will get past our
> security reviews for now.
>

While I'm very much in favour of reducing the browser fingerprint, I suspect
that if you expose non-determinism via concurrent message-passing between
web workers, a web app can probably work out how many cores the machine
has.  It can spawn multiple web workers, send many messages, and look at the
message interleaving.  (Do web workers have access to any high resolution
timers that would make this easier?)

That said, just because it's possible to get this information doesn't mean
it should be made easy.

Cheers,
Mark
Received on Thursday, 10 June 2010 18:11:12 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:39 GMT