
Re: [whatwg] Proposal: navigator.cores

From: Ian Hickson <ian@hixie.ch>
Date: Sun, 4 May 2014 20:11:13 +0000 (UTC)
To: Adam Barth <w3c@adambarth.com>
Message-ID: <alpine.DEB.2.00.1405041955580.11724@ps20323.dreamhostps.com>
Cc: whatwg <whatwg@lists.whatwg.org>

On Sat, 3 May 2014, Adam Barth wrote:
>
> Over on blink-dev, we've been discussing [1] adding a property to navigator
> that reports the number of cores [2].
> [1] https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/B6pQClqfCp4
> [2] http://wiki.whatwg.org/wiki/NavigatorCores
> Some of the use cases for this feature have been discussed previously on 
> this mailing list [3] and rejected in favor of a more complex system, 
> perhaps similar to Grand Central Dispatch [4].
> [3] http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-November/024251.html
> [4] http://en.wikipedia.org/wiki/Grand_Central_Dispatch

It's not clear what has changed since that discussion. Why are the 
concerns raised at that time no longer valid?


> As far as I can tell, this functionality exists in every other platform 
> (including iOS and Android).

This is true, but all those platforms have security mechanisms in place to 
mitigate the risk: you have to manually install the application, thus 
granting it either essentially full access to your machine (Win32), or 
you have to have it vetted by a third party (iOS), or you have to examine 
permissions that the application is requesting, and explicitly grant it 
the right to run on your machine.

The Web's security model is radically different. On the Web, we assume 
that it is safe to run any random hostile code, and that that code cannot 
harm you or violate your privacy. There are flaws in the privacy 
protection (i.e. fingerprinting vectors) that browsers are slowly 
patching, but we have worked hard to avoid adding new fingerprinting 
vectors. We should continue to do so.


> Others have raised concerns that exposing the number of cores could lead 
> to increased fidelity of fingerprinting [5].
> 
> My view is that the fingerprinting risks are minimal.  This information 
> is already available to web sites that wish to spend a few seconds 
> probing your machine [6].  Obviously, exposing this property makes that 
> easier and more accurate, which is why it's useful for developers.
> [5] https://groups.google.com/a/chromium.org/d/msg/blink-dev/B6pQClqfCp4/bfPhYPPQqwYJ
> [6] http://wg.oftn.org/projects/core-estimator/demo/

The core estimator is wildly inaccurate. For example, it is highly 
sensitive to machine load. I don't think it's fair to say "well, you can 
get this data with poor fidelity over a few seconds, therefore providing a 
precise number with zero milliseconds latency is no worse".


> IMHO, a more complex worker pool system would be valuable, but most 
> systems that have such a worker pool system also report the number of 
> hardware threads available.

They don't have to, though.


> In fact, the web was the only platform I could find that didn't make the 
> number of cores available to developers.

The Web is unique in attempting to protect users' privacy in the face of 
hostile code without requiring "installation" or a trust-granting step.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 4 May 2014 20:11:37 UTC
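
Added example, not part of the original message or of any browser's code: the thread contrasts a slow, load-sensitive core estimate with a precise property, and that difference can be measured in bits as the mutual information between a visitor's true core count and what a site observes. The population shares and the noise model below are constructed assumptions, not measurements.

```javascript
// Constructed population: share of visitors per true logical-core count.
// These shares are illustrative assumptions, not measurements.
const population = { 2: 0.25, 4: 0.40, 8: 0.25, 16: 0.10 };

// Constructed noise model for a timing-based probe: P(estimate | true count).
// Each row sums to 1; load on the machine pushes estimates off target.
const noisyProbe = {
  2:  { 2: 0.7, 4: 0.3 },
  4:  { 2: 0.2, 4: 0.6, 8: 0.2 },
  8:  { 4: 0.3, 8: 0.5, 16: 0.2 },
  16: { 8: 0.4, 16: 0.6 },
};

// An exact property behaves like a noiseless channel: estimate === true count.
function exactChannel(prior) {
  const channel = {};
  for (const value of Object.keys(prior)) channel[value] = { [value]: 1 };
  return channel;
}

// Shannon entropy in bits: the most any observation of this attribute can reveal.
function entropyBits(dist) {
  return Object.values(dist)
    .filter((p) => p > 0)
    .reduce((sum, p) => sum - p * Math.log2(p), 0);
}

// Mutual information I(true; observed) in bits: what a site actually learns.
function mutualInformationBits(prior, channel) {
  const marginal = {};
  for (const [t, pt] of Object.entries(prior))
    for (const [o, po] of Object.entries(channel[t]))
      marginal[o] = (marginal[o] || 0) + pt * po;
  let bits = 0;
  for (const [t, pt] of Object.entries(prior))
    for (const [o, po] of Object.entries(channel[t]))
      if (po > 0) bits += pt * po * Math.log2(po / marginal[o]);
  return bits;
}

const exactBits = mutualInformationBits(population, exactChannel(population));
const noisyBits = mutualInformationBits(population, noisyProbe);
console.log(`exact property: ${exactBits.toFixed(2)} bits`);
console.log(`noisy probe:    ${noisyBits.toFixed(2)} bits`);
```

Replacing the constructed tables with measured distributions turns this into a privacy-review check for any proposed attribute: the gap between the two figures is the additional identifying information the exact value hands to every page.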
