Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alias performance.now to date.now #2952

Closed
jumde opened this issue Jan 14, 2019 · 4 comments
Closed

Alias performance.now to date.now #2952

jumde opened this issue Jan 14, 2019 · 4 comments
Labels
closed/wontfix privacy security

Comments

@jumde
Copy link
Contributor

jumde commented Jan 14, 2019
edited
Loading

Description

HR-Timers have been implemented in various browsers to provide higher precision timing information for various tasks like script execution and resource fetches. Opening the issue to investigate the fingerprinting risk associated with this API.

https://w3c.github.io/hr-time/#sec-privacy-security
https://www.w3.org/TR/navigation-timing-2/#security

cc: @snyderp
@pes10k
Copy link
Contributor

pes10k commented Jan 14, 2019

https://core.ac.uk/download/pdf/80792157.pdf

Possibly of interest

@tildelowengrimm
Copy link
Contributor

It seems like HR timers don't provide very much value at all. We should probably disable them, or at least substantially decrease their granularity.

@rebron rebron added this to the 1.x Backlog milestone Jan 18, 2019
@tildelowengrimm tildelowengrimm added the priority/P4 Planned work. We expect to get to it "soon". label Jan 24, 2019
@rebron rebron removed this from the 1.x Backlog milestone Feb 7, 2019
@tildelowengrimm tildelowengrimm changed the title Investigate fingerprinting/security risk of HR timers 2 Alias performance.now to date.now Aug 6, 2019
@tildelowengrimm
Copy link
Contributor

Plan of record: disable.

@tildelowengrimm tildelowengrimm added the privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. label Feb 12, 2020
@pes10k
Copy link
Contributor

pes10k commented Jul 23, 2020

I'm going to close this. I think HR timers are probably more bad than good for the web platform, but we dont have any serious plans to actually remove these, and FF is re-enabling, and there are definitely much bigger priorities for us privacy / security wise. Since this is all but guaranteed to never be acted on, im going to pull-the-bandaid-off and just close it

@pes10k pes10k closed this as completed Jul 23, 2020
@pes10k pes10k added closed/wontfix and removed priority/P4 Planned work. We expect to get to it "soon". privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. labels Jul 24, 2020
@arthuredelstein arthuredelstein mentioned this issue Aug 15, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed/wontfix privacy security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pes10k @tildelowengrimm @jumde @rebron