Re: [wake-lock] Introduce rate limiting to prevent wake lock abuse (#124)

My recollection is that acquiring a wake lock doesn't actually take an appreciable time at an OS level and at a browser level we simply maintain a count of the number of `WakeLock` instances that are active. It is theoretically possible to exploit the slightly longer delay associated with activating an OS level wake lock as a side-channel. This could be mitigated by adding a small delay before resolving the `Promise` returned by `request()`. For all practical purposes the uncertainty introduced by cross-process messaging may be sufficient to avoid the side-channel. This will have to be measured.

-- 
GitHub Notification of comment by reillyeon
Please view or discuss this issue at https://github.com/w3c/wake-lock/issues/124#issuecomment-480891612 using your GitHub account

Received on Monday, 8 April 2019 15:55:31 UTC