w3cping / privacy-request

tracking privacy reviews of W3C specifications

Web Neural Network API 2022-06-30 > 2022-09-30 #96

Closed anssiko closed 2 years ago

anssiko commented 2 years ago

Other comments: Thanks to PING participants and other privacy experts for your contributions and participation in the Web Machine Learning Working Group on behalf of the whole WG.

Changes since previous privacy review

The Web Neural Network API received early PING review during 2020-2021: PING reviewed our initial self-review response (#119), the WG merged the self-review (#132) and added initial Security and Privacy Considerations (#170):

Based on additional privacy review conducted by Google Chrome Privacy, the WG updated the privacy considerations in #259:

In June 2022, the WG reviewed the changes since the previous privacy review took place, identifying any privacy-impacting changes:

The WG identified the following potentially privacy-impacting issues, triaged with a "privacy-tracker" label:

The WG addressed https://github.com/webmachinelearning/webnn/issues/85 and https://github.com/webmachinelearning/webnn/issues/175 and clarified https://github.com/webmachinelearning/webnn/issues/169 in PR https://github.com/webmachinelearning/webnn/pull/271. The WG elevated https://github.com/webmachinelearning/webnn/issues/7 to ethical considerations, a separate deliverable. Furthermore, the WG decided to drop the WebGL dependency, which removed related fingerprinting concerns:

sandandsnow commented 2 years ago

@anssiko, Thank you to the WG for such a thorough and detailed account of the work the group has undertaken on privacy since the last review. This is the model that all WGs should follow. Thank you.

We will be discussing the specification at our next PING meeting on 21 July 2022.

In the meantime, a couple of observations and questions:

sandandsnow commented 2 years ago

@anssiko, one further question regarding "Power preference indicates preference as related to the power consumption and is considered a hint only and as such does not increase entropy of the fingerprint." - if power preference is set to default, what might the user agent do, and could that reveal information about the device and/or user?

sandandsnow commented 2 years ago

This request was discussed at the PING call on 21 July 2022, but some further consideration and follow-up is needed.

sandandsnow commented 2 years ago

One of the additional concerns identified is the ethics (and privacy implications) of the identified and potential use cases of the API. A number of the use cases that it would enable are highly privacy-invasive and should include an analysis of the privacy implications of those use cases as well as mitigations. While the described use cases are probably only a subset of use cases that this API could be used for, the examples provided in the specification should help guide the use (or not use) of the API in other situations. (The issue here is not where the processing is done, but whether the API allows a specific activity and whether there is transparency and policy or user controls around that in the API.)

sandandsnow commented 2 years ago

@anssiko, one further question regarding "Power preference indicates preference as related to the power consumption and is considered a hint only and as such does not increase entropy of the fingerprint." - if power preference is set to default, what might the user agent do, and could that reveal information about the device and/or user?

We discussed this during the PING call, but we were not able to sort out whether the hint is fingerprintable. Could you explain in more detail how the power preference works?

sandandsnow commented 2 years ago

Filed https://github.com/webmachinelearning/webnn/issues/280

sandandsnow commented 2 years ago

Closing issue as review has been completed (see https://github.com/webmachinelearning/webnn/issues/280).

anssiko commented 9 months ago

Hi again PING!

NB: I'm piggybacking on this issue to retain context, but please let me know if I should file a new issue instead. On behalf of the WG I hope you're happy to see these changes and look forward to your comments.

We're looking to publish a new CR Snapshot of the Web Neural Network API in Q1'24 and wanted to give you a heads up with the following high-level summary of changes for your information and review:

Since the initial Candidate Recommendation Snapshot the Working Group has gathered further implementation experience and added new operations and data types needed for well-known transformers to support generative AI use cases. In addition, the group has removed select features informed by this implementation experience: higher-level operations that can be expressed in terms of lower-level primitives in a performant manner, and support for synchronous execution. The group has also updated the specification to use modern authoring conventions to improve interoperability and precision of normative definitions and is developing a new feature, a backend-agnostic storage type, to improve performance and interoperability between the WebNN, WebGPU APIs and purpose-built hardware for ML.

We have considered your privacy and ethics guidance as we have evolved this API. Specifically, we have paid attention not to add any extra bits of entropy via the power preferences mechanism discussed with you earlier. Further, we have published an updated Ethical Principles for Web Machine Learning W3C Note and have welcomed new participants to the group who aspire to further advance these ethical principles. PING participants interested in this effort are welcome to join the ethics discussion too. I'd like to note your contribution in https://github.com/webmachinelearning/webnn/issues/280#issuecomment-1234168222 has been found helpful by readers and it remains at the top of the use cases section to orientate spec readers and direct them to the ethical principles document.