Update presentation-timestamps.md to include security & privacy #107
Conversation
presentation-timestamps.md
Outdated
|
|
||
| ### 01. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary? | ||
|
|
||
| It exposes timing information of a platform/OS operation, namely "VSync". |
There was a problem hiding this comment.
This should cover "and for what purposes is that exposure necessary" - even in just a sentence (and then refer to the remainder of the explainer, since that's what it's about)
You can also mention that it's not the precise vsync time, but a coarsened approximation to it.
presentation-timestamps.md
Outdated
|
|
||
| To some extent, the timing of committing a frame is information about the underlying platform. | ||
| However, this information is already exposed in other ways (the `requestAnimationFrame` callback timestamp), | ||
| and in this specification it is over-coarsen to avoid exposing meaningful information in terms of security. |
There was a problem hiding this comment.
Did you mean "over-coarsened"? (And if so, does that imply that it's even more coarsened that necessary? Could this sentence just say "...it is coarsened to avoid exposing..."?)
presentation-timestamps.md
Outdated
|
|
||
| #### 06. Do the features in your specification expose information about the underlying platform to origins? | ||
|
|
||
| To some extent, the timing of committing a frame is information about the underlying platform. |
There was a problem hiding this comment.
This is true -- you might be able to determine the refresh rate of the user's display, which is potentially a fingerprinting bit. (mostly only if it's not 60hz, I would guess)
|
|
||
| #### 16. Does this specification have both "Security Considerations" and "Privacy Considerations" sections? | ||
|
|
||
| Yes. |
There was a problem hiding this comment.
"Yes. Combined. Right here, you're reading it right now" 😁
SHA: a4a2a86 Reason: push, by noamr Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
No description provided.