W3C home > Mailing lists > Public > public-gpu@w3.org > August 2019

Re: Some Feature requests.

From: Dean Jackson <dino@apple.com>
Date: Thu, 08 Aug 2019 06:03:02 +1000
Cc: public-gpu@w3.org
Message-id: <34D8D6D8-1680-4F1F-B1CB-A22CE6029F40@apple.com>
To: Doug Moen <doug@moens.org>


> On 7 Aug 2019, at 14:05, Doug Moen <doug@moens.org> wrote:
> 
> 
> 
> On Tue, Aug 6, 2019, at 10:35 PM, Myles C. Maxfield wrote:
>> We’ve heard this defeatist argument before and entirely disagree with it.
> 
> My point is that security designs by non-experts have a poor track record.
> I think fingerprinting security for WebGPU should be designed by a web browser fingerprinting security expert

We agree. This *is* advice from our Web Browser fingerprinting security experts.

It's not a secret that there are low-level techniques to identify hardware, and thus users. Their existence does not mean it is acceptable to provide high-level ways to identify hardware/users.

To give an analogy (that will probably cause more distraction than help, but whatever).... just because someone can throw a brick through your window doesn't mean you should leave your front door unlocked. Maybe some day you'll get brick-proof windows.

Dean


> , and I also think that you are trying to fix the problem at the wrong level of abstraction. The security should be provided at a level above the WebGPU API.
Received on Wednesday, 7 August 2019 20:04:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:52:26 UTC