
[Public WebGL] about the VENDOR, RENDERER, and VERSION strings



Hi,

(just comments, you can skip reading if your time is precious)

In Mozilla's implementation, we decided to just return "Mozilla" for the VENDOR and RENDERER strings. For the VERSION strings, we only put the text required by the WebGL spec. Unfortunately I *guess* that a motivated attacker could still probably get much of that information by examining the result of WebGL rendering.

I'm just interested in your thoughts if you have any on the subject, especially if you think that there's anything more that can be done to prevent graphics card identification.

My main concern about graphics card / driver identification is that it gives away many bits of user-identifying info, partly disabling anonymity. I'm not so much concerned about targeted attacks on drivers, as an attacker could just blindly try a set of common attacks anyway.

Cheers,
Benoit