Closed Bug 797650 Opened 12 years ago Closed 12 years ago

Do we need a permission for Network Information API?

Categories

(mozilla.org :: Security Assurance, task, P2)

x86
macOS

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: pauljt, Unassigned)

References

()

Details

In bug 677166 there was discussion around restricting access to the Network Information API. As far as I know, no restrictions have been implemented and I wanted to make sure this was a conscious decision, not just an oversight. (Mounir, your comment in https://etherpad.mozilla.org/permissionmatrixupdates confused me, since you wrote this: http://dvcs.w3.org/hg/dap/raw-file/tip/network-api/Overview.html#security-and-privacy-considerations ) This API returns bandwidth and metered. Metered seems fairly safe, but how specific is bandwidth? Do we do any rounding or fuzzing to reduce the usefulness as a fingerprinting measure? Or should this API be installed apps and above only?
No. This API should be exposed to all webpages and apps. It's been designed to be no more sensitive than the normal DOM. This was definitely an intentional decision.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.