[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] about the VENDOR, RENDERER, and VERSION strings



On Wed, Dec 1, 2010 at 00:52, Benoit Jacob <bjacob@mozilla.com> wrote:
>> Maybe a way to make RENDERER useful while not giving too much bits
>> would be to return the hardware maker and model but strip out driver
>> information?
>
> That would be a step in the right direction, but these days GPU manufacturers make many different models.
> For NVIDIA alone, there are at least 200 device IDs relevant to WebGL (OpenGL 2 hardware)
>
> So I expect the RENDERER string to give roughly 9 bits of information, with an uneven distribution --- some models are less commons and so their owners would be more exposed.

Yes, but then that's also the case for any kind of less common
setups... eg. people using, say, Opera on Linux are already much more
exposed to browser-tracking than people using Internet Explorer on
Windows ;-)

The way privacy-conscious people workaround this is usually to change
their user-agent string through configuration, this is something that
should be possible as well for WebGL RENDERER string imho.

In general, RENDERER string without driver version would give very
minimal bits considering that the distribution is indeed very uneven
with a strong bias on more popular hardware... and on mobile devices
the number of bits is even lesser considering the lesser number of
designs and the fact that GPU can be inferred by other ways (eg. IOS 4
means PowerVR SGX).


I propose a privacy addition to spec in section 4 (Security), eg :

4.5 Privacy

A WebGL implementation should strip out driver version information (if
any) from the string returned by getParameter(RENDERER).
[non-normative?] An user agent should provide a user configuration
setting to set the RENDERER string returned.



Regards,



>
> To put this in perspective, according to panopticlick, once you remove the user agent (i'm on FF nightlies where it's verbose, but in Firefox stable >= 4.0 it's going to give very little information), my worst browser characteristic here is my HTTP_ACCEPT headers and they give 9 bits of info.
>
> So just RENDERER alone would create a problem equivalent to the worst current problem, assuming that the UserAgent problem gets solved by giving almost no info, see
> http://blog.mozilla.com/dwitte/2010/08/24/user-agent-string-changes-coming-in-firefox-4/
>
> Cheers,
> Benoit
>
>>
>> It still provides quite a good information about the hardware
>> capabilities and its relative strengths/weaknesses.
>> In case slowness is detected high-end applications making use of this
>> kind of sniffing can recommend upgrading to latest drivers (in fact
>> that's something WebGL-enabled browsers should do whenever possible).
>>
>> Regards,
>

-----------------------------------------------------------
You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email: