Closed Bug 751015 Opened 13 years ago Closed 12 years ago

[Security Review] Network Information API

Categories

(mozilla.org :: Security Assurance, task, P2)

x86
macOS

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: pauljt, Assigned: dchanm+bugzilla)

Details

(Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])

Get basic information about current network connectivity.
Assignee: nobody → ptheriault
Status: NEW → ASSIGNED
This API is pretty low risk - it provides access to two read-only properties and access to listen to the connection change event. Might be a way to de-anonymize a user between windows.
Priority: -- → P1
Priority: P1 → P2
Documented here: https://developer.mozilla.org/en-US/docs/DOM/window.navigator.connection
Assignee: ptheriault → dchan+bugzilla
The API is low risk as mentioned by Paul in comment #1. Two read-only attributes and an onchange event are exposed by the idl [1]. Implementation is defined in [2]. There are currently 3 connection information implementations: the android one [3], the sandbox one used for b2g [4] and a default fallback one for platforms without a complete hal implementation [5].

The privacy impacts of this API are minimal as mentioned in the w3 documentation [6]. A malicious page could determine that a connection is metered and attempt to use more data. However, there are other ways to detect metering, such as IP address. There also isn't incentive to attack only metered connections in my opinion.

Closing this review off as completed.

[1] - http://mxr.mozilla.org/mozilla-central/source/dom/network/interfaces/nsIDOMConnection.idl
[2] - http://mxr.mozilla.org/mozilla-central/source/dom/network/src/Connection.cpp
[3] - http://mxr.mozilla.org/mozilla-central/source/hal/android/AndroidHal.cpp#116
[4] - http://mxr.mozilla.org/mozilla-central/source/hal/sandbox/SandboxHal.cpp#98
[5] - http://mxr.mozilla.org/mozilla-central/source/hal/fallback/FallbackNetwork.cpp#23
[6] - https://dvcs.w3.org/hg/dap/raw-file/tip/network-api/Overview.html
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
(In reply to David Chan [:dchan] from comment #3)
> [..] the sandbox one used for b2g [4] [..]

B2G does not implement this API and the Sandbox is only there to send messages from a content process to the parent process. It is not B2G specific.
(In reply to Mounir Lamouri (:mounir) from comment #4)
> (In reply to David Chan [:dchan] from comment #3)
> > [..] the sandbox one used for b2g [4] [..]
> 
> B2G does not implement this API and the Sandbox is only there to send
> messages from a content process to the parent process. It is not B2G
> specific.

Thanks for the clarification, Mounir. Does this mean that b2g uses the android implementation of network information with the Sandbox hal responsible for sending messages between the processes?
B2G doesn't use Network Information API at all AFAIK.