Discuss exposing the GPU model and driver

[jyasskin]

https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info is the status quo. The threat model should discuss how much consensus there is around whatever changes folks think are web-compatible.

[npdoty]

A debug string is a classic example of highly-detailed, non-functionality-driven, hardware-specific information that we'd like to avoid from a fingerprinting perspective. That could just be an open bug on that spec.

I think it might be more valuable for the threat model to discuss debugging information, which comes up occasionally (like in User-Agent string, or Reporting API). How should we provide information for drilling down on particular issues, rather than disclosing it all the time?

[jyasskin]

I was super-unclear when I filed this, sorry. 😕 I think my point was about other APIs like WebGPU where even if a debug string isn't exposed, the different models and drivers will change the observable behavior of some of the functions, so the page can determine this aspect of the hardware if it tries.

I agree we should also be thinking about how to expose debugging information safely. A browser API for use inside "file feedback" operations might be a good way to let users opt in.