[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] about the VENDOR, RENDERER, and VERSION strings

On 11/30/2010 09:34 PM, Mark Callow wrote:
> It had better not be necessary to jump through hoops such as sniffing
> information about the renderer in order to make compelling WebGL
> content. That in itself will limit the amount of WebGL content that is
> developed. I have seen some very nice content that has not needing to
> do such sniffing.
In part that's because the various gl.get calls are currently still
returning their "true" values.

But if you are serious about wanting to avoid leaking information - then
those functions can't return the true values or it becomes easily
possible to deduce a lot of "identity" information from the various
limits that the card imposes.  In order to shut down information
leakage, you'd have to make all those useful get's return the same thing
on all hardware...which means returning the minimum possible thing on
all hardware.  You'd also have to turn off the extension mechanism.

When you do that - a lot of the "compelling WebGL content" goes away
because it's like every application is running on the lowest spec card
we can support.  Urgh!

If you don't do that - then turning off the useful information in
VENDOR/RENDERER/etc is kinda pointless because the bad guy can still get
a fingerprint from the "gl.get" stuff.

  -- Steve

You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email: