Re: [compute-pressure] Feature can be abused to create cross-site covert channels (#197) from pes10k via GitHub on 2023-06-07 (public-device-apis-log@w3.org from June 2023)

From: pes10k via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Jun 2023 20:36:24 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-1581472260-1686170182-sysbot+gh@w3.org>

@anssiko @kenchris my ask is that any full implementation of the spec mitigation include mitigations for the privacy harms introduced by the spec.  I don't think its sufficient or compatible with the Web's privacy principals and goals for the spec to "require" privacy harming behaviors/features/capabilities, and then leave it up to implementors to figure out how to deal with that privacy harm.

TL;DR; the mitigations should be just as well defined and "required" as the privacy-risking functionality

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/197#issuecomment-1581472260 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 June 2023 20:36:26 UTC