Closed Bug 1004115 Opened 10 years ago Closed 10 years ago

Feature Detection API Limited Data

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

RESOLVED FIXED
2.0 S1 (9may)

People

(Reporter: curtisk, Unassigned)

Details

(Whiteboard: [privacy])

The use of the API could be misused in such a way as to allow for fingerprinting of the user in ways that would not be desirable. As such we should consider if a caller should be able to request all of the possible items or just certain combinations of items before alerting the user of such a request.
What do you mean by "items" here?
Flags: needinfo?(curtisk)
I mean the list of things the API can return data about:

    api.window.Navigator.mozBluetooth
    api.window.Navigator.mozContacts
    api.window.Navigator.getDeviceStorage
    api.window.Navigator.addIdleObserver
    api.window.Navigator.mozNetworkStats
    api.window.Navigator.push
    api.window.Navigator.mozTime
    api.window.Navigator.mozFMRadio
    api.window.Navigator.mozSms
    api.window.Navigator.mozCameras
    api.window.Navigator.mozAlarms
    api.window.Navigator.mozTCPSocket
    api.window.Navigator.mozInputMethod
    api.window.Navigator.mozMobileConnections
    api.window.XMLHttpRequest.mozSystem
Flags: needinfo?(curtisk)
bug 938799 has a navigator.getFeature("hardware.memory") which isn't in the list above.  Is that a complete list?
Yeah, hardware.memory should probably be on the list, and I think it should actually be the only item on the list.  I don't think there is any fingerprinting vector to any of the api.* items, as they can all be derived from the UA string.

So, comment 0 seems to suggest that we should ask the user about this. I'm not sure if I would be very comfortable with that. Do we expect people to know how to make a decision in response to a prompt such as "Do you want to allow this web page to know how much physical memory you have on the device?".
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #5)
> Yeah, hardware.memory should probably be on the list, and I think it should
> actually be the only item on the list.  I don't think there is any
> fingerprinting vector to any of the api.* items, as they can all be derived
> from the UA string.
> 
> So, comment 0 seems to suggest that we should ask the user about this.  I'm
> not sure if I would be very comfortable with that.  Do we expect people to
> know how to make a decision in response to a prompt such as "Do you want to
> allow this web page to know how much physical memory you have on the device?".

Don't we ask them for camera, location, and other kinds of privileged requests? While taken by itself this might not be a big deal, if I take enough data points together I can fingerprint a system. So we can't just think of this request as being in a silo by itself, but what this could be combined with that could create an issue. And giving the user a clear choice as to what is disclosed is IMO not a bad thing. Additionally, while this may just be memory size now, it could be much more in the future, and implementing a user notification system will be simpler when the number of items is smaller, is it not?
As I've mentioned in other bugs, we do not plan to expose additional privacy sensitive data through this API after this round of privacy review.  Also as Jonas has mentioned, requiring this API to prompt would basically make it useless.  One key point to keep in mind is that sometimes it's easier to construct a meaningful question from the user such as access to the camera, but we usually do not prompt for questions which are not expressible in a useful way and for which the user won't have enough information/context to provide a good answer to.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.0 S1 (9may)
Component: DOM → DOM: Core & HTML
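
The two technical claims in this thread (the api.* items add nothing beyond the UA string, while hardware.memory combines with other data points) can be checked by measuring fingerprint entropy. This is an added example, not code from the bug or from Gecko; the population, UA strings, memory values and function names are all constructed for illustration.

```javascript
// Constructed sample population, not real measurements. Assumption (from
// comment 5): the api.* flags are fixed by the build named in the UA string.
const API_BY_UA = {
  "FxOS/1.3": { mozBluetooth: true, mozFMRadio: true, push: false },
  "FxOS/2.0": { mozBluetooth: true, mozFMRadio: true, push: true },
};
const population = [
  ["FxOS/1.3", 256], ["FxOS/1.3", 256], ["FxOS/1.3", 512], ["FxOS/1.3", 512],
  ["FxOS/2.0", 256], ["FxOS/2.0", 512], ["FxOS/2.0", 512], ["FxOS/2.0", 1024],
].map(([ua, memory]) => ({ ua, api: API_BY_UA[ua], memory }));

// Group devices by the fingerprint a site could build from the chosen attributes.
function groupSizes(devices, keyFn) {
  const counts = new Map();
  for (const d of devices) {
    const key = JSON.stringify(keyFn(d));
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.values()];
}

// Shannon entropy in bits of that fingerprint over the population.
function entropyBits(devices, keyFn) {
  return groupSizes(devices, keyFn).reduce((h, n) => {
    const p = n / devices.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Bits an extra attribute adds beyond what the base attributes already reveal.
function addedBits(devices, baseFn, extraFn) {
  const joint = entropyBits(devices, d => [baseFn(d), extraFn(d)]);
  return joint - entropyBits(devices, baseFn);
}

// Smallest group of devices sharing one fingerprint (1 means someone is unique).
function smallestAnonymitySet(devices, keyFn) {
  return Math.min(...groupSizes(devices, keyFn));
}

const byUA = d => d.ua;
console.log("UA alone:", entropyBits(population, byUA), "bits");
console.log("api.* adds:", addedBits(population, byUA, d => d.api), "bits");
console.log("hardware.memory adds:", addedBits(population, byUA, d => d.memory), "bits");
console.log("smallest set, UA + memory:",
  smallestAnonymitySet(population, d => [d.ua, d.memory]));
```

Any value that is a pure function of data the site already has contributes zero added bits; a value that varies within a UA group shrinks the anonymity set, which is the measurement to run against real population data before exposing a new feature key.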