On Mon, Aug 30, 2021 at 11:06 AM Ryosuke Niwa <rn...@webkit.org> wrote:
> On Mon, Aug 30, 2021 at 1:17 AM Thomas Steiner <to...@google.com> wrote: > >> On Sun, Aug 29, 2021 at 1:00 AM Ryosuke Niwa <rn...@webkit.org> wrote: >> >>> I don't think exposing the information about whether the connection is >>> metered or not is acceptable from the privacy standpoint. Based on the IP >>> address of a user & this metered status, a website may even be able to tell >>> what kind of carrier plan a given user is in. >>> >> >> Thanks for the reply, Ryosuke! Just to clarify, the `metered` attribute >> would be a manual user setting, not a browser heuristic. This means you >> could easily mark your all-data included WiFi at home as metered if you >> wanted to, or, on the opposite end, mark your roaming data plan you >> purchased for a ton of money at the airport as unmetered. None of this >> happens without the user voluntarily revealing the information. >> > > I don't think it's fair to characterize any given user telling the OS to > reduce the data usage as a consent to be profiled by random websites. I > would certainly not expect such information to be exposed to ad trackers > and alike. > Apple seems to see no issue in exposing this information to iOS/iPadOS apps: https://developer.apple.com/videos/play/wwdc2019/712/?time=959. > You could make the same argument for turning on low power mode but battery > level being low or having low power mode turned on may reveal the user's > socioeconomic status or user's immediate need to take certain actions. It > can lead to egregious consequences like this: > https://www.theverge.com/2016/5/20/11721890/uber-surge-pricing-low-battery. > I definitely would not want to be seeing ads promoting new SIM cards or ads > for a cafe with free WiFi service nearby just because I requested my phone > to reduce data usage. > Yes, bad things like that can happen, and the fact that companies like Uber make "evil" use of available information is no secret. At the same time, companies that make "good" use of information, like Algolia's example ( https://www.algolia.com/blog/engineering/netinfo-api-algolia-javascript-client/), hopefully outweigh the disadvantages. We don't prohibit hammers because they can be abused as a weapon. And again, the information is exposed to random native apps that can likewise profile you. I agree there is a difference between a random native app and a random website, but at the same time we have mitigations like third-party blocking (and ITP on Apple devices) that make such profiling harder and harder. Cheers, Tom
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
