[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Public WebGL] about the VENDOR, RENDERER, and VERSION strings
- To: Mark Callow <firstname.lastname@example.org>
- Subject: Re: [Public WebGL] about the VENDOR, RENDERER, and VERSION strings
- From: Steve Baker <email@example.com>
- Date: Tue, 30 Nov 2010 22:05:35 -0600
- Cc: Benoit Jacob <firstname.lastname@example.org>, public webgl <email@example.com>
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=sjbaker.org; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sjbaker.org; bh=ryetr OUa8nN11++SBTuMFCLB7/U=; b=DAyB4HmZw864FC5zxtcfyTd4Aq63YbRXdMKMQ vHOA3TmXwRndtF6/nFRrnmyaJix3ZMXNsIl1q46avywkjbeZhQ0hqvW2ruldcOlB bGvh8B3hli1i4/6JNFygCIPxL4EuKaFhZEbBQXNtMS64k37XcMFT2uxtkeQSGRNx 8sNCe0=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=sjbaker.org; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sjbaker.org; b=OatkeYx0bvU/kmy6NGxYxFdzWxf0FtXcrcQVqbv1TJ3U8NsyHrVbqLAnRlUAJ NyXm2hERqs2KjrdLm1eiid6D4kkzumvYyzZh2zLl7BSwzyxU/MGPkdmxRUULdQ2A gxByOdgTqSZGlaukZrxS0QjPrMAgxv/SS0uNgJsV0AEkJY=
- In-reply-to: <4CF5C25B.firstname.lastname@example.org>
- List-id: Public WebGL Mailing List <public_webgl.khronos.org>
- References: <233976510.450587.1291159701944.JavaMail.email@example.com> <4CF5A3CE.firstname.lastname@example.org> <4CF5C25B.email@example.com>
- Sender: firstname.lastname@example.org
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:22.214.171.124) Gecko/20100520 SUSE/3.0.5 Thunderbird/3.0.5
On 11/30/2010 09:34 PM, Mark Callow wrote:
> It had better not be necessary to jump through hoops such as sniffing
> information about the renderer in order to make compelling WebGL
> content. That in itself will limit the amount of WebGL content that is
> developed. I have seen some very nice content that has not needing to
> do such sniffing.
In part that's because the various gl.get calls are currently still
returning their "true" values.
But if you are serious about wanting to avoid leaking information - then
those functions can't return the true values or it becomes easily
possible to deduce a lot of "identity" information from the various
limits that the card imposes. In order to shut down information
leakage, you'd have to make all those useful get's return the same thing
on all hardware...which means returning the minimum possible thing on
all hardware. You'd also have to turn off the extension mechanism.
When you do that - a lot of the "compelling WebGL content" goes away
because it's like every application is running on the lowest spec card
we can support. Urgh!
If you don't do that - then turning off the useful information in
VENDOR/RENDERER/etc is kinda pointless because the bad guy can still get
a fingerprint from the "gl.get" stuff.
You are currently subscribed to email@example.com.
To unsubscribe, send an email to firstname.lastname@example.org with
the following command in the body of your email: