Security/Reviews/Firefox/NavigationTimingAPI

From MozillaWiki
Items to be reviewed

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • for web pages to get timing info about page load
    • how long DNS resolution took
    • how long connection setup took
    • how long the transfer took
    • exposed as dates (like Date.now()), not durations
  • this is only about the html page
    • other timing interfaces are in a different API (ResourceTiming)
    • doesn't expose URLs
  • web performance working group at W3C has the spec for this
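
The API exposes timestamps rather than durations, so a page derives the per-phase durations listed above by subtraction. The following is an added example, not part of the original review notes or of Mozilla's code; the helper names and the sample values are constructed for illustration, and the attribute names are those of the W3C PerformanceTiming interface.

```javascript
// Added example: derive phase durations from Navigation Timing timestamps.
// `t` is a PerformanceTiming-shaped object (window.performance.timing in a browser).
function phaseDurations(t) {
  // Every attribute is epoch milliseconds. 0 means "not available"; for the
  // redirect attributes that covers both "no redirect" and "a redirect that
  // was not same-origin".
  const span = (start, end) => (start > 0 && end >= start ? end - start : null);
  return {
    redirect: span(t.redirectStart, t.redirectEnd),
    dns: span(t.domainLookupStart, t.domainLookupEnd),
    connect: span(t.connectStart, t.connectEnd),
    request: span(t.requestStart, t.responseStart),
    transfer: span(t.responseStart, t.responseEnd),
  };
}

// Constructed sample values (hypothetical, not measured data).
const sampleTiming = {
  navigationStart: 1300000000000,
  redirectStart: 0, redirectEnd: 0,
  fetchStart: 1300000000005,
  domainLookupStart: 1300000000010, domainLookupEnd: 1300000000052,
  connectStart: 1300000000052, connectEnd: 1300000000130,
  requestStart: 1300000000131,
  responseStart: 1300000000290, responseEnd: 1300000000345,
};

// Hypothetical helper: returns null when the API is not exposed to the page.
function readTiming() {
  const p = typeof window !== "undefined" ? window.performance : undefined;
  return p && p.timing ? p.timing : null;
}

// Falls back to the constructed sample outside a browser.
const timing = readTiming() || sampleTiming;
console.log(phaseDurations(timing));
```

A DNS duration of 0 (start equal to end) is distinct from null here: 0 means the phase was measured and took no time, while null means the timestamps were not provided.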

What solutions/approaches were considered other than the proposed solution?

  • spec compliance

Why was this solution chosen?

  • spec compliance / feature parity
  • IE and Chrome also have this

Any security threats already considered in the design and why?

  • Spec mentions: detecting proxy servers, ..., avoid exposing URLs
  • Spec mentions using same-origin policy (editor's draft; CR)

Threat Brainstorming

  • [privacy] Precise, broken-down timing information as a side channel for information leaks
  • [privacy] Fingerprinting users (or groups of users!!!) by performance characteristics
  • Redirect count is pinned to 0 if any of the redirects were third-party. So if you know the last piece was a same-host redirect, the 0 tells you it went through another party :/

Conclusions / Action Items

  • [dveditz] Point the Tor folks at the pref for disabling this feature (dom.enable_performance)
  • [curtisk] talk to Sid about privacy
  • why is the IE implementation partial? did they have a problem with something? or were those properties simply not interesting enough to be worth the work?
    • I (biesi) don't believe the IE implementation to be partial...