Re: Web Performance: Survey and Workshop - We'd like your input!

On 10.10.12 10:44, "Reitbauer, Alois" <Alois.Reitbauer@compuware.com>
wrote:

>I see this exactly the same way. It will be a feature that requires the
>user to accept that this information gets collected or it will be enables
>by default using a browser flag - this will be useful for testing. I will
>put a proposal together for the upcoming workshop.
>
>I already asked Tobie to work together. Paul you are more than welcome
>too!

Yep, happy to join the effort!

After giving this more thought, I came to the conclusion that there are
all sorts of APIs that were blocked by fingerprinting concerns in the
past, so I wonder if we shouldn't just design a general sort of
domain-based notification prompt (like geolocation), saying something like:

"The current page requests access to advanced functionality that could
potentially be used to track your identity. Do you want to allow this?"
Yes/No

At this point, every API that sits behind the fingerprinting firewall
would be unblocked.

>
>Btw. I also think that Chrome might already provide an API like this
>today. Developer tools run already in the browser so there should be an
>API to get this information.
>
>As a first step I propose to define the use cases we want to support. The
>actual API will then be next.
>
>// Alois
>
>On 10/8/12 5:07 PM, "Tobie Langel" <tobie@fb.com> wrote:
>
>>On 10/8/12 11:17 AM, "Paul Bakaus" <pbakaus@zynga.com> wrote:
>>
>>>On 03.10.12 07:30, "Reitbauer, Alois" <Alois.Reitbauer@compuware.com>
>>>wrote:
>>>
>>>>Sure!
>>>>
>>>>A unified API for diagnosing the performance of Web applications
>>>>exposing
>>>>the same information (JS profiling, memory profiling, rendering, ©) as
>>>>Chrome Developer Tools, Firebug and similar tooling.
>>>
>>>
>>>Yes, thank you! Not sure if we're talking about the same thing, but this
>>>was something Tobie and I proposed when we talked to the group, but
>>>broader than what you are describing - basically, a "developer opt-in
>>>API"
>>>that every browsers' debug mode enables, and implements many of the
>>>debugging/perf APIs for developers that are otherwise not being
>>>implemented because of fingerprinting concerns.
>>
>>Introducing the concept of a "developer/debug" API that triggers a prompt
>>(much like geolocation does) for these things would be awesome.
>>
>>Not only could this help in the above mentioned use cases, it could also
>>be applied to other useful, yet potentially insecure things such as
>>taking
>>screenshots, which would allow automating ref testing (e.g. for CSS[1])
>>but also to diagnose complex browser bugs on applications in production
>>by
>>getting the user to easily send a screenshot.
>>
>>--tobie
>>
>>---
>>[1]: http://wiki.csswg.org/test/reftest
>>
>>
>>
>>
>
>The contents of this e-mail are intended for the named addressee only. It
>contains information that may be confidential. Unless you are the named
>addressee or an authorized designee, you may not copy or use it, or
>disclose it to anyone else. If you received it in error please notify us
>immediately and then destroy it. Compuware Austria GmbH (registration
>number FN 91482h) is a company registered in Austria whose registered
>office is at 1120 Wien, Wagenseilgasse 14, Austria
>

Received on Wednesday, 10 October 2012 11:32:41 UTC