Closed bershanskiy closed 2 weeks ago
https://lists.webkit.org/pipermail/webkit-dev/2021-May/031853.html:
We're very much uncomfortable with exposing this kind of invasive system information in a Web API, and more importantly, web applications to adjust its workload based on such information. [...]. Given that, we are highly skeptical with your premise that an API like this is needed to create a performant application in the first place.
In 2022, Zoom claimed to need such an API for determining appropriate video feed resolutions and some more advanced features (like background blur). Unfortunately, apparently Zoom never followed up demonstrating how this API would actually help.
Should we add an exception for Zoom?
Hmm... The problem is we don't know which domains would Zoom use if breakage appears. Also, if the breakage is related to when using it live, it would be more difficult to investigate as it needs the real set up to reproduce.
I guess someone tick this:
- [ ] Look into whether these permission policy PRs should be merged (see: https://github.com/uBlockOrigin/uAssets/pull/20143, https://github.com/uBlockOrigin/uAssets/pull/21459, https://github.com/uBlockOrigin/uAssets/pull/22989)
The 2 have been merged as separate PRs so the latest one has nothing to merge into mega one PR anymore.
Describe the issue
Google Chrome (Chromium) 125 will ship with Compute Pressure API enabled by default. This API had been in development since March 2021 and at the time faced criticism from Apple. Apple expressed privacy concerns (cross-domain message passing, device fingerprinting) and claimed that it would be difficult to express the system load as a single value since modern systems are multi-core, support multiple threads per core, dynamic boost and even may be heterogeneous (performance and efficiency cores), support simultaniously on-die GPUs and dedicated GPUs. In 2022, Zoom claimed to need such an API for determining appropriate video feed resolutions and some more advanced features (like background blur). Unfortunately, apparently Zoom never followed up demonstrating how this API would actually help.
Versions
Settings
Notes
I believe that Compute Pressure API will go the way of Battery Status API. Both APIs basically answer the question how wasteful the website should be. In both cases the website could obtain better information by asking the user directly or just measuring its own performance (e.g., dropped frames). Both APIs are impractical for legitimate use, but will not actually expose much fingerprinting resolution to be a real privacy concern. Still, why not block something potentially harmful and completely useless?