W3C home > Mailing lists > Public > public-device-apis-log@w3.org > June 2017

Re: [battery] Allow use from within secure context and top-level browsing context only

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Mon, 19 Jun 2017 13:22:58 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-309437917-1497878576-sysbot+gh@w3.org>
>If we want to change the default, then I think there definitely should be a policy opt-in. This is pretty trivial to add these days - @clelland can help. I don't know how easy it is for cases like Maps and YouTube to get container pages to update their <iframe> elements, but it's at least something (and consistent with the other "interventions" we've done like blocking vibrate in iframes by default).

@RByers, did I read you right that you'd be supportive of limiting this API to the top-level browsing context assuming we'd add an appropriate [policy directive] for battery?

@mounirlamouri, would that work for you too?

>Also +1 to there being legitimate power-monitoring use cases here. I don't know details but I've heard that major mobile apps have been able to detect power regressions in the wild based ONLY on rough telemetry of how often they see a 2-digit battery meter tick down by 1%. If true, that's pretty powerful for empowering sites to improve their battery overheads. That case could, of course, be addressed with lower fingerprint risk by some sort of relative API instead of an absolute one.

Thanks! The power-monitoring use cases you expanded further sound very valuable indeed.

[policy directive]: https://wicg.github.io/feature-policy/#policy-directive
[security and privacy]: https://w3c.github.io/battery/#security-and-privacy-considerations

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/battery/issues/10#issuecomment-309437917 using your GitHub account
Received on Monday, 19 June 2017 13:23:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC