Bug 1004115: Feature Detection API Limited Data
Opened 11 years ago
Closed 11 years ago
Categories: Core :: DOM: Core & HTML, defect
Status: RESOLVED FIXED
Target Milestone: 2.0 S1 (9may)
People: Reporter: curtisk, Unassigned
Whiteboard: [privacy]
The use of the API could be misused in such a way as to allow for fingerprinting of the user in ways that would not be desirable. As such, we should consider whether a caller should be able to request all of the possible items or just certain combinations of items before alerting the user of such a request.
Comment 2 • 11 years ago (Reporter)
I mean the list of things the API can return data about:
api.window.Navigator.mozBluetooth
api.window.Navigator.mozContacts
api.window.Navigator.getDeviceStorage
api.window.Navigator.addIdleObserver
api.window.Navigator.mozNetworkStats
api.window.Navigator.push
api.window.Navigator.mozTime
api.window.Navigator.mozFMRadio
api.window.Navigator.mozSms
api.window.Navigator.mozCameras
api.window.Navigator.mozAlarms
api.window.Navigator.mozTCPSocket
api.window.Navigator.mozInputMethod
api.window.Navigator.mozMobileConnections
api.window.XMLHttpRequest.mozSystem
Flags: needinfo?(curtisk)
Comment 3 • 11 years ago
bug 938799 has a navigator.getFeature("hardware.memory") which isn't in the list above. Is that a complete list?
Comment 4 • 11 years ago
Comment 5 • 11 years ago
Yeah, hardware.memory should probably be on the list, and I think it should actually be the only item on the list. I don't think there is any fingerprinting vector to any of the api.* items, as they can all be derived from the UA string.
So, comment 0 seems to suggest that we should ask the user about this. I'm not sure if I would be very comfortable with that. Do we expect people to know how to make a decision in response to a prompt such as "Do you want to allow this web page to know how much physical memory you have on the device?".
Comment 6 • 11 years ago (Reporter)
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #5)
> Yeah, hardware.memory should probably be on the list, and I think it should
> actually be the only item on the list. I don't think there is any
> fingerprinting vector to any of the api.* items, as they can all be derived
> from the UA string.
>
> So, comment 0 seems to suggest that we should ask the user about this. I'm
> not sure if I would be very comfortable with that. Do we expect people to
> know how to make a decision in response to a prompt such as "Do you want to
> allow this web page to know how much physical memory you have on the device?".
Don't we ask them for camera, location, and other kinds of privileged requests? While taken by itself this might not be a big deal, if I take enough data points together I can fingerprint a system. So we can't just think of this request as being in a silo by itself, but what could this be combined with that could create an issue. And giving the user a clear choice as to what is disclosed is IMO not a bad thing. Additionally, while this may just be memory size now, it could be much more in the future, and implementing a user notification system will be simpler when the number of items is smaller, is it not?
Comment 7 • 11 years ago
As I've mentioned in other bugs, we do not plan to expose additional privacy sensitive data through this API after this round of privacy review. Also, as Jonas has mentioned, requiring this API to prompt would basically make it useless. One key point to keep in mind is that sometimes it's easier to construct a meaningful question for the user, such as access to the camera, but we usually do not prompt for questions which are not expressible in a useful way and for which the user won't have enough information/context to provide a good answer.
Updated • 11 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated • 11 years ago
Target Milestone: --- → 2.0 S1 (9may)
Updated • 6 years ago (Assignee)
Component: DOM → DOM: Core & HTML