Make platform a low-entropy hint #213
Comments
That doesn’t seem like the right reasoning for exposing more details by default. Even if there are APIs that expose that information, they can be taken into account as part of the Privacy Budget, while exposing that information by default results in passive exposure. However, that information is already leaked passively, through the OS’ network layer (e.g. through sequence numbers). Due to the above leak, it seems reasonable to enable more direct access to that information, that doesn’t require developers to wait a task, go through the awful hacks you mentioned above, or sniff TCP packets. After all, the use-cases that platform information enables are significant, and impact user experience, accessibility as well as spam avoidance, to name a few. At the same time, it would be good to quantify that leak in terms of entropy bits, so that we’d know what we’re letting go here. Theoretically, IP level obfuscation could eliminate some platform-level leaks in some potential future. Exposing that information by default lets go of that option, and we need to know what we lose in that trade-off. |
|
@yoavweiss thanks for the feedback. I wrote up a small (public) document (and stole some of your words...) at https://docs.google.com/document/d/122TG71j9LC_Ne_-vzoNBRFUwi_irIuyi_xYFE1o4iKU/edit#. PTAL, and if you agree, hop on over to the corresponding PR. :) |
|
Thanks for that doc, and for the entropy quantification. |
It's already possible to infer platform (OS) through various web platform APIs, without looking at the
User-Agentheader ornavigator.userAgent, so I think we should move "platform" from high entropy to low. Platform version should remain high entropy.Some examples:
In terms of what this would mean, we would stick
Sec-CH-UA-Platforminto the low-entropy table, and update relevant bits here: https://wicg.github.io/ua-client-hints/#interfaceThe text was updated successfully, but these errors were encountered: