- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 23 Nov 2011 10:25:41 -0500
- To: Aryeh Gregor <ayg@aryeh.name>
- CC: Ojan Vafai <ojan@chromium.org>, Ian Hickson <ian@hixie.ch>, "Tab Atkins Jr." <jackalmage@gmail.com>, public-webapps@w3.org
On 11/23/11 10:03 AM, Aryeh Gregor wrote:
> Can't browsers add instrumentation for this? You have users who have
> opted in to sending anonymized data. So for each user, on a small
> percentage of pages, intercept all bare-name property accesses in on*.

With enough work, this is possible. It'd involve a good deal of complexity or some perf hit, or likely both (even when not sending; there is _always_ a perf hit from having more code in the codebase). Also, see below.

> This would all have to be reviewed by security teams, but it should be
> doable in principle. The advantage is your sample would actually be
> representative, which could be important in some cases.)

In fact, I think it's 100% required here, I think, since a lot of the issues come from non-public applications (those behind various passwords, etc.), and the audience for those is not representative.

Worse yet, we may not be able to get good statistics out of any sort of statistical scheme, even if the issue would be a stop-ship issue for users. For example, something that a quarter of our users hit every week that keeps them from using a single website they rely on would probably be considered a stop-ship bug, but would be lost in the noise of all the pages the users load during a week.

-Boris
Received on Wednesday, 23 November 2011 15:26:15 UTC