Melatonin64
commented
6 years ago I understand that there are security concerns with exposing these properties, but setting an upper limit on navigator.connection.downlink might be excessive.
It renders that property useless for some use cases (or at least much less useful).
An example of such a use case would be adaptive video streaming.
Let's say I'm implementing a client-side DASH video player.
Instead of starting playback with some default video quality and adjusting as we go, I could use the navigator.connection.downlink property to start with the most appropriate representation.
Nowadays, when gigabit internet connections are available to consumers, 4K video resolutions (and above) are gaining popularity and the NetworkInfo API is no longer only available on mobile devices, it makes little sense to limit this value to 10 Mbps.
Will imposing a lower limit on kbps instead help to improve privacy? Seems to me this would be analogous to the upper limit on RTT...
Please consider removing the upper kbps limit (or at least increasing its value to keep with the times).
jkarlin
tarunban
Three changes have been suggested in the network quality exposed via JS API. The goal here is to reduce the chances for cross-origin fingerprinting:
Up to 10% random noise should be added to the network quality estimates before exposing it via Javascript API. The noise should be a function of the hostname, and the noise should remain constant for a given hostname.
The current bucket size in the network quality estimates is 25 msec (for RTT) and 25 Kbps (for downlink). This means currently the estimate is rounded off to the nearest 25 msec or 25 kbps before exposing it via JS API. The bucket size can be updated to 50 msec / 50 kbps.
The upper limit on the estimates should be added. For RTT, the upper limit can be 3000 msec, and for kbps it can be 10000 kbps.