Contact emails
Explainer
https://github.com/w3c/webappsec-feature-policy
Design doc/Spec
https://w3c.github.io/webappsec-feature-policy/
Summary
Battery status API gated by feature policy provides developers with a way to control this API availability.
Motivation
Battery status API provides a way to check host device battery status. This might be important eg. for applications which need to ensure enough power is available for completing the task. Unfortunately this kind of API might be misused for fingerprinting, profiling etc. By gating battery status API using feature policy mechanism, developers will be able to disable usage of this API within application, also for third party components.
Risks
Interoperability and Compatibility
Edge: No signals
Firefox: Negative signals - Battery API was removed thus there can’t be feature policy control over this API
Safari: No signals
Web / Framework developers: No signals.
Please include links where possible. Examples include resolutions from relevant standards bodies (e.g. W3C Working Group), tracking bugs, or links to online conversations.
Ergonomics
NA
Activation
NA
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Is this feature fully tested by web-platform-tests?
https://github.com/web-platform-tests/wpt/tree/master/battery-status
Link to entry on the feature dashboard
NA
Requesting approval to ship?
Yes.
Contact emails
Explainer
https://github.com/w3c/webappsec-feature-policy
Design doc/Spec
Summary
Battery status API gated by feature policy provides developers with a way to control this API availability.
Motivation
Battery status API provides a way to check host device battery status. This might be important eg. for applications which need to ensure enough power is available for completing the task. Unfortunately this kind of API might be misused for fingerprinting, profiling etc. By gating battery status API using feature policy mechanism, developers will be able to disable usage of this API within application, also for third party components.
Risks
Interoperability and Compatibility
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTqMstuFj8TFRvnwfWEFiQDMLWn9Pq1QhFsreS4HctfZRQ%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Non-secure context is indeed supported by Chromium. The spec says otherwise but we started by adding a UseCounter.
The usage on non-secure context seems low and in general, we are blocking enough APIs on non-secure contexts so it's probably fair to go forward with that. Though, should we start by adding a deprecation message before simply breaking this?
3.1% is however a significant usage. If we have an idea of which websites are impacted, it may help evaluate the risks here but I'm aware of legit usage of the API in x-origin iframes and it may be unfortunate to break.
-- Mounir
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJUhtG_Epq99sOswsA0PY2_ihc8_50i4Econ5c7bJxTzQCOncg%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTqMstuFj8TFRvnwfWEFiQDMLWn9Pq1QhFsreS4HctfZRQ%40mail.gmail.com.
Mobica is a global software services company, delivering and enabling technologies that transform business outcomes for the leading brands in Automotive, Silicon, FinTech, Media and Telecoms. Headquartered in Wilmslow UK with offices across Europe and the US, our established technical and delivery excellence in high quality software engineering drives success for our multinational customers on every continent, every day.Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.This message is intended solely for the addressee(s) and may contain confidential information.If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTqMstuFj8TFRvnwfWEFiQDMLWn9Pq1QhFsreS4HctfZRQ%40mail.gmail.com.
Mobica is a global software services company, delivering and enabling technologies that transform business outcomes for the leading brands in Automotive, Silicon, FinTech, Media and Telecoms. Headquartered in Wilmslow UK with offices across Europe and the US, our established technical and delivery excellence in high quality software engineering drives success for our multinational customers on every continent, every day.Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.This message is intended solely for the addressee(s) and may contain confidential information.If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJUhtG_Epq99sOswsA0PY2_ihc8_50i4Econ5c7bJxTzQCOncg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTpZf3yQZRBe1ZYiG3Le_z7xL7w6Tc3T7BwHyhGyzUj0cQ%40mail.gmail.com.
Fingerprinting sounds plausible, but as you say, it could also be
some kind of "avoid heavy ads on certain devices" heuristic which
would be more critical from a compatibility point of view.
Did you try to figure out what the scripts were doing or was it hard to see?
It seems to me that we still don't have a clear enough understanding to make an informed decision.
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTp528oDBhNYTZAZux2CEyHMnsurHKhC%2BuvMPdmc%3DbaDDg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/87671386-b794-35f1-2d41-94bc47ba8e7a%40gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY_cRLUM4izU6WC76SEtv6BCr%2BUh6TGac2GPKfp348Kpxw%40mail.gmail.com.
+Nic
Yoav, if the battery status info is available to first party resources, that should theoretically be sufficient to do this kind of analysis using the RUM data. But since I used mPulse for that analysis, I’ll let Nic confirm/comment.
Utkarsh
Error! Filename not specified.
Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.
This message is intended solely for the addressee(s) and may contain confidential information.
If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTqMstuFj8TFRvnwfWEFiQDMLWn9Pq1QhFsreS4HctfZRQ%40mail.gmail.com.
Mobica is a global software services company, delivering and enabling technologies that transform business outcomes for the leading brands in Automotive, Silicon, FinTech, Media and Telecoms. Headquartered in Wilmslow UK with offices across Europe and the US, our established technical and delivery excellence in high quality software engineering drives success for our multinational customers on every continent, every day.
Find out more at Mobica.com
Error! Filename not specified.
Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.
This message is intended solely for the addressee(s) and may contain confidential information.
If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJUhtG_Epq99sOswsA0PY2_ihc8_50i4Econ5c7bJxTzQCOncg%40mail.gmail.com.
Mobica is a global software services company, delivering and enabling technologies that transform business outcomes for the leading brands in Automotive, Silicon, FinTech, Media and Telecoms. Headquartered in Wilmslow UK with offices across Europe and the US, our established technical and delivery excellence in high quality software engineering drives success for our multinational customers on every continent, every day.
Find out more at Mobica.com
Error! Filename not specified.
Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.
This message is intended solely for the addressee(s) and may contain confidential information.
If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTpZf3yQZRBe1ZYiG3Le_z7xL7w6Tc3T7BwHyhGyzUj0cQ%40mail.gmail.com.
Mobica is a global software services company, delivering and enabling technologies that transform business outcomes for the leading brands in Automotive, Silicon, FinTech, Media and Telecoms. Headquartered in Wilmslow UK with offices across Europe and the US, our established technical and delivery excellence in high quality software engineering drives success for our multinational customers on every continent, every day.
Find out more at Mobica.com
Error! Filename not specified.
Mobica Limited is a limited company registered in England and Wales with registered number 05169596 and VAT registered number 223837508. Our registered office is at Crown House, Manchester Road, Wilmslow, Cheshire, SK9 1BH, UK.
This message is intended solely for the addressee(s) and may contain confidential information.
If you have received this message in error, please send it back to us, and immediately and permanently delete it.
Do not use, copy or disclose the information contained in this message or in any attachment.
Mobica complies with all requirements of GDPR and other relevant data protection law. You can view our Privacy Policy at https://mobica.com/privacy-policy/--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABJ1LTp528oDBhNYTZAZux2CEyHMnsurHKhC%2BuvMPdmc%3DbaDDg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/87671386-b794-35f1-2d41-94bc47ba8e7a%40gmail.com.
Akamai mPulse (via boomerang.js) only collects the Battery API data (if available) from the top-level page's context or from inside an anonymous iframe with the document.domain set to the same as the parent frame. So, theoretically, we're always capturing it from same-origin contexts.
Nic Jansma |
||
|
||
Akamai Technologies |
||
Connect with Us: |
||
Hi Mike!
Sorry, I may be confused -- is your earlier question about gathering data directed at us (Akamai), or are you asking about the earlier idea to crawl HA to look at third-party script usage of the API?