- From: Corentin Wallez <notifications@github.com>
- Date: Mon, 07 Jun 2021 03:17:36 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/626/855802496@github.com>
> 2. Given the power of the API, would it make sense to consider gating this behind a permission? I believe the counter argument is - why should this be behind a permission when WebGL is not, and I think WebGL was an unfortunate choice given how it is being abused to fingerprint users. (Also, I sense crypto miners would love to abuse this...) There's also the WebGL argument, but also that having permission-less access to at list the basic features of WebGPU is generally useful. More and more websites are showing 3D content and it would add a lot of friction to ask for a permission just to show this content. (use cases are online shops, journal/blog articles, ads, company websites, fancy backgrounds, etc). With the structure of the API, the browser should have a lot of choice in how it exposes WebGPU depending on the context of the page (how much the user interacts with it, iframe vs not, etc). I'm not an expert on fingerprinting but AFAIK WebGL fingerprinting (outside the renderer string) is somewhat equivalent to the 2D-canvas fingerprinting. WebGPU should be the same. Likewise crypto-mining abuse is already available with JS/WASM/WebGL and WebGPU shouldn't make it that much more efficient than WebGL AFAIK so browsers should develop/are developing means to detect abuse. > 3. Should the cache be origin-gated? If the compilation is incredibly fast this shouldn't be an issue, but with slow enough compilation times timing-based fingerprinting feels like it would be possible. These caches should be origin-gated, and are listed in https://github.com/privacycg/storage-partitioning > 4. Is there a story for mitigating denial-of-service by exhausting VRAM? (Technically, I guess it won't be a denial of service, but more of a "new tabs paint crazy slow" from an end-user perspective.) The browsers could track VRAM usage on the GPU process, decide on quotas if needed and "lose the device" if they needs to reclaim quota. It's easy to VRAM denial-of-service via other means too (like 2D canvas, but also many stacked GPU-accelerated DOM layer with stuff like will-animate etc). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/626#issuecomment-855802496
Received on Monday, 7 June 2021 10:18:44 UTC