The Resource Timing API allows websites to get information about the network activity needed to load (sub)resources, including the time it took, the protocol it was requested over (after considering HSTS, Alt-SVC and other protocol rules), and the cause of any errors (DNS, TLS error, HTTP error, etc).
Origins allow requesting domains to access this info by sending a Timing-Allow-Origin header, which includes information about which (or * / all) requesting domains can access timing information.
Brave should oppose the standard and not implement. Its not user serving, and it allows all sorts of privacy issues (history leaks most obviously, though possibly geo location through microsec request times, learning the users network conditions through DNS information, and more).
The Resource Timing API allows websites to get information about the network activity needed to load (sub)resources, including the time it took, the protocol it was requested over (after considering HSTS, Alt-SVC and other protocol rules), and the cause of any errors (DNS, TLS error, HTTP error, etc).
Origins allow requesting domains to access this info by sending a
Timing-Allow-Origin
header, which includes information about which (or*
/ all) requesting domains can access timing information.Brave should oppose the standard and not implement. Its not user serving, and it allows all sorts of privacy issues (history leaks most obviously, though possibly geo location through microsec request times, learning the users network conditions through DNS information, and more).