On 5/20/11 1:51 PM, Maciej Stachowiak wrote:

> Presumably the embedding application would need to require explicit user
> consent to enable the feature.
>
> I understand that we have to keep a balance, and statistical fingerprinting is already
> dismayingly effective without any new features. However, "enable[d]-by-default with
> a hidden pref to disable" sounds like an extremely weak approach to protecting user
> privacy.

I can't speak to the security or insecurity of enabling the Resource Timing APIs. However, I'll note that I see this API as part of the diagnostic side of WebKit, just like the Web Inspector debugger.

In the case of the Web Inspector today, it requires explicit user consent to enable the feature - you need to perform a UI gesture to open the debugger (hot key, menu item, etc).

Besides Resource Timing and Navigation Timing, hopefully in the near future, all our WebKits will have remote debugging enabled:

    http://www.webkit.org/blog/1620/webkit-remote-debugging/

So there's another case where we will need some kind of explicit user consent to enable the feature.

I wonder if we could lump all this stuff together into a single "diagnostic mode" run-time guard. Turn it on, all the diagnostic, perhaps dangerous, API and capability is available. Turn it off - and it's off by default - and dangerous API and capability is not available.

--
Patrick Mueller - http://muellerware.org

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
