Re: [compute-pressure] Own Contribution Estimate and Privacy implications (#315)

The thread is at https://chromium-review.googlesource.com/c/chromium/src/+/6373001/comments/4d10e46a_22e9de4c. And, for completeness, I'll paste the rest in here:

>>> @mikewest: Experimenting with this is totally reasonable. That said, I'm interested in understanding how y'all are evaluating the risk that this addition poses. One of the concerns with this API generally is that it provides insight into the activity of other parts of the underlying system. It seems like that risk is exacerbated by allowing developers to more easily distinguish their own activity from the activity of other sites. I didn't see any additional security/privacy risks discussed in the specification, but I likely missed it. I'd appreciate you pointing me in the right direction. :)
>>>
>>
>> @kenchris: Thanks for your feedback, Mike! The experimentation makes sense, and we appreciate your interest in the risk evaluation.
>>
>> Regarding the concerns about insight into the broader system: if a developer finds they are responsible for most of, say, the critical pressure, the takeaway is mostly that the rest of the system is functioning well—there’s not much more to learn from that data alone. On the other hand, if their contribution to the critical pressure is small, then their understanding is essentially limited to the global pressure state, and they don't gain much additional information.
>>
>> Additionally, the global states are still exposed as four very high-level states. Being able to distinguish one's own activity from that does provide a more precise understanding of system behavior, which can be quite useful. For instance, developers could ask users to close other apps to improve performance or recognize when optimizations are needed in their own applications.
>> 
>> That said, if there are specific security or privacy risks that we haven’t considered, we’d love to be pointed in the right direction. We can also add additional discussion around these risks to the specification to ensure all relevant concerns are properly addressed.
>
> @mikewest: Right. We built the API to have very fuzzy granularity, and evaluated it within that context. It seems like this addition intends to enable more granularity and better understanding of the impact of the rest of the system. While I agree that might create meaningful improvements for developers, it seems like it might also meaningfully change the way we ought to evaluate the API's risk.

At core, the `ownContributionEstimate` attribute increases the level of detail we're providing to developers about the system's state. I'd like to understand how y'all are evaluating that against the privacy/security risks in the doc. As this weakens one of the protections (minimization), I'd like to know that y'all remain comfortable with the API's leakage rate/potential. I didn't see much discussion of the potential risks in https://github.com/w3c/compute-pressure/issues/297 or https://github.com/w3c/compute-pressure/pull/298. Can you help me understand your evaluation?

-- 
GitHub Notification of comment by mikewest
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/315#issuecomment-2877066893 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 13 May 2025 15:53:18 UTC
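The disagreement in the thread is about how much extra information the rest of the system leaks once a site can see its own share of the pressure on top of the four coarse global states. The following toy model, added here as an illustration and not part of the thread, the Compute Pressure specification or the Chromium change, puts a number on that: it treats the load of everything else on the machine as a hidden variable, lets the site observe either the global state alone, the state plus an exact own-contribution fraction, or the state plus a coarsened fraction, and computes the mutual information in bits between the hidden load and each observation. The uniform prior over other load, the fixed own load of 2, the state bucketing thresholds and the 0.3/0.7 quantization cut-offs are all constructed assumptions for the model, not values from the spec.

```python
from math import log2
from collections import Counter

# Constructed toy model (not the spec's algorithm):
# the load of the rest of the system is the hidden variable, uniform over 0..3.
OTHER_LOADS = (0, 1, 2, 3)
# The site's own load, which the site is assumed to know about itself.
OWN_LOAD = 2
# The four coarse states the API already exposes.
STATES = ("nominal", "fair", "serious", "critical")


def global_state(total):
    """Bucket total load into one of four coarse states (constructed thresholds)."""
    return STATES[min(total // 2, 3)]


def own_contribution(own, total):
    """Fraction of the total pressure attributable to the site itself."""
    return own / total if total else 0.0


def quantize(fraction, thresholds=(0.3, 0.7)):
    """Coarsen the estimate to 0 = minor, 1 = comparable, 2 = dominant (constructed cut-offs)."""
    return sum(fraction >= t for t in thresholds)


def observation(other, mode):
    """What the site gets to see for a given hidden load under the chosen exposure mode."""
    total = other + OWN_LOAD
    state = global_state(total)
    if mode == "state_only":
        return (state,)
    fraction = own_contribution(OWN_LOAD, total)
    if mode == "quantized":
        return (state, quantize(fraction))
    return (state, fraction)  # mode == "exact"


def mutual_information_bits(mode):
    """I(other load ; observation) in bits, assuming a uniform prior over OTHER_LOADS."""
    n = len(OTHER_LOADS)
    joint = Counter((other, observation(other, mode)) for other in OTHER_LOADS)
    marginal_obs = Counter(obs for (_, obs) in joint.elements())
    mi = 0.0
    for (other, obs), count in joint.items():
        p_joint = count / n
        p_other = 1 / n
        p_obs = marginal_obs[obs] / n
        mi += p_joint * log2(p_joint / (p_other * p_obs))
    return mi


def leakage_report():
    """Bits learned about the rest of the system under each exposure mode."""
    return {mode: mutual_information_bits(mode)
            for mode in ("state_only", "quantized", "exact")}


if __name__ == "__main__":
    for mode, bits in leakage_report().items():
        print(f"{mode:<11} {bits:.2f} bits about other load")
        for other in OTHER_LOADS:
            print(f"    other={other} -> {observation(other, mode)}")
```

With the constructed parameters the four-state signal alone reveals 1 bit about the other load, adding an exact own-contribution fraction reveals all 2 bits (every hidden value maps to a distinct observation), and coarsening the fraction to three levels lands in between at 1.5 bits. The absolute numbers are artefacts of the toy model; the point a reviewer can take from it is that the increase in granularity is measurable, and that the quantization of the estimate is the knob that trades developer utility against the minimization protection the thread refers to.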