Privacy: add compute-pressure permission policy #22989

Merged

bershanskiy
Contributor

Describe the issue

Google Chrome (Chromium) 125 will ship with the Compute Pressure API enabled by default. This API had been in development since March 2021 and at the time faced criticism from Apple. Apple expressed privacy concerns (cross-domain message passing, device fingerprinting) and claimed that it would be difficult to express the system load as a single value since modern systems are multi-core, support multiple threads per core, dynamic boost and even may be heterogeneous (performance and efficiency cores), support simultaneously on-die GPUs and dedicated GPUs. In 2022, Zoom claimed to need such an API for determining appropriate video feed resolutions and some more advanced features (like background blur). Unfortunately, apparently Zoom never followed up demonstrating how this API would actually help.

Versions

  • Browser/version: Google Chrome Canary 124.0.6367.0
  • uBlock Origin version: 1.56.0

Settings

  • None

Notes

I believe that the Compute Pressure API will go the way of the Battery Status API. Both APIs basically answer the question of how wasteful the website should be. In both cases the website could obtain better information by asking the user directly or just measuring its own performance (e.g., dropped frames). Both APIs are impractical for legitimate use, but will not actually expose much fingerprinting resolution to be a real privacy concern. Still, why not block something potentially harmful and completely useless?

@MasterKia
Member

https://lists.webkit.org/pipermail/webkit-dev/2021-May/031853.html:

We're very much uncomfortable with exposing this kind of invasive system
information in a Web API, and more importantly, web applications to adjust
its workload based on such information. [...]. Given that, we are
highly skeptical with your premise that an API like this is needed to
create a performant application in the first place.

@MasterKia MasterKia merged commit b0e2fd6 into uBlockOrigin:master May 17, 2024
@MasterKia
Member

In 2022, Zoom claimed to need such an API for determining appropriate video feed resolutions and some more advanced features (like background blur). Unfortunately, apparently Zoom never followed up demonstrating how this API would actually help.

Should we add an exception for Zoom?

@stephenhawk8054
Member

Hmm... The problem is we don't know which domains Zoom would use if breakage appears. Also, if the breakage is related to using it live, it would be more difficult to investigate as it needs the real setup to reproduce.

@krystian3w
Contributor

krystian3w commented May 25, 2024

I guess someone ticked this:

The 2 have been merged as separate PRs so the latest one has nothing to merge into mega one PR anymore.
