New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce rate limiting to prevent wake lock abuse #124
Comments
On your first point, I think the communication channel between separate User Agents can be prevented by only reporting wake lock status for this particular user agent, not system-wide status. I.e. when a user agent has not requested wake lock, it will report wake lock status as inactive even though some other user agent or another OS-level application might be currently holding the wake lock. As for cross-origin channel, I think it is possible to mitigate by only reporting wake lock status to an origin if it has at least one outstanding wake lock request (if it doesn't, report as inactive). In this case, an origin can only see wake lock status if it itself has requested the wake lock and it wouldn't be able to tell if some other origin has also requested it, provided that requests from multiple origins are combined using logical OR (which they are). @arturjanc |
By the way, the spec already addresses (1), in that it determines wake lock status depending on whether the UA has acquired or released the wake lock, regardless of what other applications do:
But I think this should be mentioned more explicitly. |
The That is not how it is done currently, but I think it make sense @reillyeon @anssiko @tomayac |
My recollection is that acquiring a wake lock doesn't actually take an appreciable time at an OS level and at a browser level we simply maintain a count of the number of |
I'm going to close this as addressed. Right now, per spec, the we always call into "acquire a wake lock", which always asks the OS to get the lock. Further, we have a note that makes it clear that:
|
In addition to the security and privacy considerations already covered in the spec (https://www.w3.org/TR/wake-lock/#security-and-privacy-considerations), it seems that there are a couple of other concerns:
The side-channel based on the OS-level lock allows communication not only between different documents, but also between completely separate browser profiles or User Agents running on the same device. This may allow identifying users who rely on such compartamentalization for privacy.
When a website acquires the Wake Lock, this necessarily leaks a bit of information about user activity to other origins. For example, a screen wake lock may indicate that the user started watching a video.
Is it possible to limit the number of times the User Agent may change the state of a wake lock in a given time period (e.g. on the order of a couple of times per minute)? This would prevent the side-channel concern.
When it comes to (2), I'm not sure about a great way to tackle this, other than perhaps not resolving the promise if the acquirer of the wake lock is cross-origin from the listener. Any ideas?
The text was updated successfully, but these errors were encountered: