On Wed, May 7, 2014 at 2:21 PM, Dean Jackson <d...@apple.com> wrote: > > On 6 May 2014, at 11:13 am, Rik Cabanier <caban...@gmail.com> wrote: > > On Mon, May 5, 2014 at 5:52 PM, Simon Fraser <simon.fra...@apple.com>wrote: > >> It allows attackers to know even more about my system, exposing more data >> for fingerprinting. >> > > People can already approximate this today. Approximations are fuzzy so > this might hurt performance if you're not a popular platform or change how > the browser implements workers. > > > There is a difference between approximation and clear detection. During > discussion of a related feature on the WebGL list (for exposing the GPU > information to the page), I noted at the time that it would allow any page > in the world to detect you'd spent X thousand dollars on a Mac Pro in the > last 30 days. Being able to detect the number of cores provides more info - > e.g. you spent X + Y thousand dollars for the upgrade. > > "Let's not show that user ads for vacations in Compton... let's show them > the Bahamas instead." >
Sure, however for fingerprinting, the algorithm does not have to be precise and could be done today. A quick routine that returns 1 or 2 for cheap machines and > 12 for expensive machines would be enough to separate the audience. The fact that this is so easily accomplished today and we don't have any evidence that this is happening, tells me that it is not that valuable. We're definitely not leaking more information. (FWIW if sites were to do this, I would prefer that they don't needlessly spin up my CPU's and drain my battery) Do you really want a page to know that you have a fancy-pants 24-core Mac >> Pro rather than a little Mac mini? >> > > Yes! > If I have 24 cores ready to do work and the page can put them to use, I > would like it to do so. > At the same time, if I just have a old mac mini, I don't want the page to > launch 24 workers as that will exhaust my memory and cause contention. > > > But as Oliver said, maybe I don't want the page to use all cores. > When would I as a user, not want a page or web application to be as fast as possible? Has a user ever complained about a desktop app that uses too many of his CPU's? I think Oliver's point was that other processes might fight for the same CPU resources but that is not unexpected for users. It seems that people are mostly concerned with this routine returning large values. Maybe we can make it return 8 as a maximum for now and revisit it in a year or so?
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
