20.05.2011, в 10:10, Tony Gentilcore написал(а): >> Presumably the embedding application would need to require explicit user >> consent to enable the feature. > > My conclusion was different. Given that the timing based privacy > attacks are demonstrable without the interface, I thought it > reasonable to enable-by-default with a hidden pref to disable. But > this is based on the assumption that we aren't actually exposing any > new private information. Am I missing an exploit here?
I'm nowhere near to being an expert here. The reason I'm worried is that this API provides very precise timing data, potentially making fingerprinting and information disclosure much more reliable in practice. - WBR, Alexey Proskuryakov _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev