Hi,

I would like a privacy point of view regarding a feature that some Web
Developers are requesting: exposing the user's connection type to the Web.

In the likely case that you have not heard about it before, the Network
Information API [1] is an API we have been working on for Firefox
OS/Android and that ended up implemented only on Firefox Android because we
kind of lost faith in it. As you would see with a quick glance at that
API, the purpose is to expose the information about the current network
connection without returning the current network connection type. For
that, we simply expose the bandwidth and the metered status.

People against this API believe that exposing bandwidth is hard if not
unrealistic and metered is information we do not really have. Our
response to that is that bandwidth can be more easily estimated (as in
not accurate) by the browser than it can be by the content and
approximate bandwidth is better than no information. Regarding metered
status, we can definitely make a naive and inaccurate assumption that
mobile data is metered and the other kinds of connections are not. This is
what native applications currently do anyway and we could improve that
approximation if we end up knowing more about the metered status of the
connection. The intent of this thread is not to discuss these matters
but I would like to give some context.

An alternative to some of that is to simply expose the connection type.
This is something I have been against for two reasons:
 - privacy issues (content, by tracking me, could probably guess where I
am);
 - footgun problem (content might write code that assumes that wifi is
fast and unmetered while mobile data is slow and metered).

Given that I am not an expert in privacy and security and we have a
dev-privacy mailing list, I thought that asking here about the privacy
aspect of exposing the connection type would probably be more
interesting than assuming it is a problem.

WDYT?

[1] https://dvcs.w3.org/hg/dap/raw-file/tip/network-api/Overview.html

Thanks,
--
Mounir
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
